About Us

Forescout Frontline to Combat Ransomware and Threats

Forescout Frontline is a new threat hunting service from Forescout Technologies. It leverages a team of expert cybersecurity analysts to support cybersecurity teams by proactively identifying risks, enabling accelerated incident response, and maturing security posture. Forescout is providing this complimentary service to organizations that lack the internal resources and visibility required to defend themselves against cybersecurity attacks such as ransomware and advanced persistent threats.

Many organizations employ multiple security tools across teams to assist in the identification of threats and risks. However, due to siloed views of IT, IoT, IoMT, or OT assets, insights may be limited. A variety of these asset types typically exist across an organization’s digital terrain and are frequently interconnected, implying that cybersecurity risk must be identified and addressed holistically.

Shawn Taylor, vice president of Threat Defense at Forescout, “Cybersecurity attacks are on the rise. Simultaneously, cybersecurity teams are perennially understaffed and under-resourced. This has created a perfect storm. Organizations are under immense pressure to cope with the scale and speed of attacks and the havoc caused by adversaries. Forescout is launching this new service to help organizations defend against attacks by providing a complete and holistic view of their assets.”

The Threat Hunting and Risk Identification Service, delivered by Forescout Frontline analysts, overcome staffing resource and asset visibility challenges to uncover threats and identify risks that would otherwise go unnoticed. Frontline will assist organizations against cyber threats and vulnerabilities, and help them to discover, validate, and prioritize all assets, including IT, IoT, IoMT, and OT. It will examine the context and risk factors for all findings along with effective risk mitigation and remediation strategies.

Forescout Frontline levels cybersecurity by operationalizing vulnerability research and threat intelligence produced by Forescout’s Vedere Labs and enhancing it with the Forescout Continuum Platform to provide threat hunting services across multiple dimensions. Forescout Frontline analysts are former public and private sector threat hunters with training in threat detection and incident response.

Read more articles:

The benefits of cyber threat intelligence!

Nebulon TimeJump Features Lenovo ThinkSystem

Nebulon TimeJump offers complete ransomware recovery in less than four minutes. Nebulon TimeJump will feature on the Lenovo rack servers to provide all-around ransomware protection. Lenovo ThinkSystem will have instant recovery capabilities for their edge data centres with this integration, it will also provide Lenovo-based 2-server cluster alternative.

Nebulon TimeJump is the only Lenovo storage and server solution that offers all-around ransomware recovery in less than 4- minutes. TimeJump is available for small 2-servers clusters and ensures significant savings and availability against the 3-node HCI solutions. It is built on Nebulon’s smartInfrastructure cloud control plane, Nebulon ON. Nebulon ON utilizes multi-factor authentication to restrict unauthorized login, a feature offered to all users.

Lenovo ThinkSystem offers efficiency, flexibility, and value to ensure the essential requirements at the enterprise edge. With the integration of TimeJump with ThinkSystems, rapid cyber recovery can be easily ensured with a smaller footprint at the edge.

Siamak Nazari, CEO of Nebulon commented, “Data at the edge faces higher security risks and cost pressures than core data centre deployments. With Nebulon, enterprises can reduce costs while improving cyber resilience at the edge—and if attacked by ransomware, they can recover in under four minutes.”

Ransomware, malware, and wiper attacks are on the rise, they can infect the servers, and the need for ransomware protection is imminent. Cyber resilience for infrastructure at the edge is a solution that administrators are desperate to have. To survive the worse, companies need to have an effective ransomware recovery solution in place.

Nebulon ON also offers integrated role-based access control (RBAC) to let organizations handle who has remote or local access to the data and operating environment. Nebulon’s smartInfrastructure enhances the data security with always active encryption for data at-rest and in-flight. It helps in minimizing the risk of human error with its hardware-generated encryption key.

TimeJump is cost-effective and occupies less space than the traditional 3-node-minimum hyper-converged infrastructure (HCI) solutions. It offers ransomware recovery in less than four minutes.

Read more articles:

cyber threat intelligence!

Nebulon to Support Dell PowerEdge Servers

Nebulon TimeJump safeguards both the operating system and application data, preventing the need for manual server and operating system rebuilds and saving valuable time. Furthermore, Nebulon data security software works in an isolated domain within the server, protecting critical data even if the management servers are compromised. Nebulon TimeJump offers users access to the only combined server and storage solution available. It provides a 4-minute ransomware recovery solution. It can deploy ransomware protection for small, two-node management infrastructure clusters, which reduces server purchases, data center space, power, and cooling costs by 33%.

Nebulon offers enterprises a 2-node alternative for their management infrastructure, with near-instant recovery capabilities and a 33% smaller footprint than 3-node-minimum hyper-converged infrastructure solutions, which also take hours or even days to fully recover from ransomware attacks.

Many mid-sized businesses rely on small management infrastructure clusters, which include services like PXE, DNS, DHCP, LDAP, NTP, Radius, VPN, and license servers, to quickly recover their production application environment after a ransomware attack. Since the infrastructure is on a network it can be compromised by a ransomware attack, malware, or wiper attacks, delaying production environment recovery by hours or even days.

Nebulon TimeJump 4-minute ransomware recovery solution with extended support from Dell PowerEdge-based 2-node management clusters restores the management infrastructure back online.

Siamak Nazari, CEO of Nebulon commented, “Ransomware attacks are inevitable. Many enterprises today are focused on protecting their production systems against ransomware attacks, but few have a strategy in place to quickly recover their management clusters. This can be a costly mistake as management infrastructure is critical to recovering production servers. Enterprises need a simple, fast way to ‘recover so they can recover’ – recover their management infrastructure so they can recover their production environment.”

Nebulon smartInfrastructure includes cybersecurity and ransomware protection as a core component, to prevent unauthorized login. Nebulon ON, the smartInfrastructure cloud control plane, employs mandatory multi-factor authentication (MFA). Furthermore, Nebulon’s service includes role-based access control (RBAC), which limits a malicious user’s privileges and access to the server’s data. smartInfrastructure takes data security a step further by providing always-on data encryption at rest and in-flight via a hardware-generated encryption key, rather than user-generated keys, reducing the risk of keys being lost or misappropriated.

Read more articles:

Developers’ interest in cybersecurity grows

cyber threat intelligence!

 

Darktrace Antigena Protects South African Financial Organizations

A global pioneer in cyber security AI, Darktrace, revealed that its Autonomous Response solution, Antigena, effectively stopped an ongoing ransomware attack that recently struck a South African financial services organization.

When it was targeted by a ransomware attack, the company, a developing enterprise providing various financial services to consumers across South Africa, was testing Darktrace AI. The AI technology had developed a unique understanding of the company’s ‘normal’ behavior throughout its digital estate, allowing it to detect tiny signals of a threat and respond quickly.

Darktrace’s security staff and devoted professionals were able to perform a comprehensive investigation after the attack was contained, ensuring that the incident was effectively stored. The company’s Autonomous Response technology subsequently took action to prevent additional contact with the malicious server on the internet across the enterprise, while allowing computers to continue to behave as they had previously learned. The response was targeted and reasonable, ensuring that normal company activities were not disrupted.

VP of Cyber Innovation, Darktrace, Max Heinemeyer, said, “The speed and scale of ransomware attacks today makes it critical that organizations are armed with technology capable of interrupting in-progress, sophisticated attacks without relying on humans to take the sledgehammer out and interrupt wider business operations in the incident response process. It is inevitable that attackers will strike, often out-of-hours, and stories like these elucidate the power of handing over the keys to AI as the first responder to maintain business as usual while freeing up human teams to focus on high-level work like strategy and cyber hygiene.”

Darktrace AI identified that a mail server within the organization was making odd HTTP connections to an external destination in the early morning hours of March 2022, signifying communication with a hostile server on the internet. With a thorough understanding of the organization’s ‘regular’ activities, the AI immediately recognized that this behavior was out of the ordinary and potentially dangerous. Following that, the infected mail server tried reconnaissance and lateral movement. During the incident, attackers used the credentials of 11 employees, including those of C-level officials. Additional machines in the company began interacting with the malicious external server because of this.

Zentera Helps Enterprises Protect Against Insider Threats And Ransomware

Zentera System has announced a major update to its Zentera Air Zero Trust Services platform, which now offers a variety of choices for SMEs to manage common cybersecurity concerns using next-generation Zero Trust Security technology. 

Many of the same cybersecurity challenges affect SMEs and large corporations: ransomware affects business continuity, external compromise generates compliance and data security issues, and theft by malicious insiders jeopardizes a company’s long-term competitiveness.

Both have a spread workforce and a reliance on third-party contractors, and both are moving to cloud computing. SMEs, unlike large corporations, often have limited IT and Infosec resources and do not have the financial resources to invest in substantial infrastructure updates to stay up with the shifting threat landscape.

Zentera Air’s newer technologies are based on the CoIP Access platform’s proven security, which has been used at scale by major businesses, and has been tuned to enable Zero Trust Security controls easy to deploy in minutes.

After signing up for Zentera Air services from one of Zentera’s worldwide ports of presence, administrators may easily onboard essential application servers and begin limiting user and application access to enforce Zero Trust principles.

Zentera’s CEO, Jaushin Lee said, “Zero Trust is one of the hottest topics in cybersecurity, but real adoption has been limited to the largest enterprises due to infrastructure and operational concerns. Zentera Air brings the game-changing benefits of Zero Trust Security to SMEs with a non-disruptive, overlay-based solution that is easy to adopt. Our simple flows and ML-assisted configuration makes it possible for SMEs to embrace Zero Trust Security, even if they are short of cybersecurity expertise.”

InterVision RPaaS Helps Businesses in Combating Ransomware Attacks

InterVision launched Ransomware Protection as a Service (RPaaS), a new solution that aims to help businesses combat the growing threat of ransomware by providing cyber threat protection, detection, recovery, and strategic support.

Every 39 seconds, a cyber-attack occurs. These attacks are not only more common but are also more sophisticated, requiring more comprehensive planning. Businesses typically invest in protection and recovery platforms by integrating and managing multiple different solutions, but InterVision’s RPaaS combines protection, response, and recovery into a single, fully managed service. SLAs and a specialized team of experts are also in place to protect against attacks before they occur.

CEO of InterVision, Jonathan Lerner says, “Companies must start planning for ransomware attacks with urgency as they are no longer just a ‘what if’, but a ‘when’ scenario. Implementing tools and software is just one part of the solution. InterVision’s RPaaS also includes strategic support to help customers create a security roadmap and give them experts to turn to for help in the event of an attack.”

The InterVision RPaaS solution comprises the following features:

  • SOCaaS (Security Operations Center as a Service): A trained team of professionals uses preventative measures to detect threats and protect enterprises from ransomware.
  • Ransomware Response as a Service (RRaaS) is a hybrid of Disaster Recovery as a Service (DRaaS) and Backup as a Service (BaaS) that focuses on ransomware protection and recovery strategies.
  • A virtual CISO provides strategic support: During ransomware threat detections, a specialized vCISO directs the maturation of security and risk mitigation and functions as a counselor to a business.

CTO of InterVision, John Gray says, “Ransomware continues to threaten the IT landscape, requiring companies to evolve from traditional, disconnected cybersecurity tools to a comprehensive managed platform, RPaaS is designed to provide the holistic solution businesses need to protect themselves, ultimately gaining peace of mind.”

HEAT Bypasses Traditional Security Defenses

Menlo Security has discovered an increase in cyber threats defined as Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses.

HEAT attacks are a type of cyberattack that uses strategies to evade detection by several layers in today’s security stacks, including firewalls, Secure Web Gateways, sandbox analysis, URL reputation, and phishing detection. HEAT threats are used to transfer malware or compromised credentials, leading to ransomware attacks in many circumstances.

The research team concluded that 69 % of malicious domains used HEAT methods to deliver malware after analyzing over 500,000 of them. By adapting to the intended environment, these attacks allow bad actors to transmit malicious content to the endpoint. HEAT attacks have increased by 224 % since July 2021.

CEO of Menlo Security, Amir Ben-Efraim said, “With the abrupt move to remote working in 2020, every organization had to pivot to work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware, and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them. Cyber threats are a mainstream problem and a boardroom issue that should be on everyone’s agenda. The threat landscape is constantly evolving, ransomware is more persistent than ever before, and HEAT attacks have rendered traditional security solutions ineffective.”

ESG Senior Analyst, John Grady said, “Highly Evasive Adaptive Threat (HEAT) attacks evade existing security defenses by understanding all the technology integrated into the existing security stack and building delivery mechanisms to evade detection. Organizations should focus on three key tenets to limit their susceptibility to these types of attacks: shifting from detection to a prevention mindset, stopping threats before they hit the endpoint, and incorporating advanced anti-phishing and isolation capabilities.”

Cisco Patches 14 Vulnerabilities In Small Business RV Series Routers

Cisco has a security update for 14 vulnerabilities in its Small Business RV Series routers, the most critical of which might allow attackers to get unauthenticated remote code execution or run arbitrary commands on the basic Linux operating machine.

“The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory. Some of the vulnerabilities are dependent on one another. The exploitation of one of the vulnerabilities may be required to exploit another vulnerability,” said Cisco in the accompanying security advisory. Fortunately, the proofs of concepts aren’t public — Cisco (mainly) refers to the exploits used by security researchers to “pwn” the Cisco RV340 router during the Pwn2Own hacking event in November 2021 in Austin, Texas.

Cisco Small Business RV160, RV260, RV340, and RV345 Series routers are affected by the flaws.

They were assigned CVE numbers in order, beginning with CVE-2022-20699 and concluding with CVE-2022-20712. CVE-2022-20749 has been assigned to the last one.

They may provide attackers the ability to:

  • Obtain RCE
  • Increase their rights to root and allow them to run commands.
  • On an affected device, install and boot a malicious software image or run unsigned binaries.
  • View or modify data shared between a vulnerable device and certain Cisco servers.
  • Obtain access to the device’s web UI by bypassing authentication protections.
  • On the underlying operating system, inject and execute arbitrary commands.

As there are no workarounds, it is advised that users install the specified security updates as soon as possible.

While a security upgrade for the RV340 and RV345 Series routers is currently available, one for the RV160 and RV260 Series routers is still in the works and will be published later this month.

Developers’ interest in cybersecurity grows substantially in data breaches.

The statistics of O’Reilly’s annual platform analysis, which examines the most popular queries and content on the company’s learning platform, were released. There has been significant growth in interest in specific cybersecurity challenges.

The amount of content about ransomware has nearly tripled (a 270% increase). Privacy (up 90 %), identity (up 50 %), application security (up 45 %), malware (up 34 %), governance (up 35 35 %), and cybersecurity compliance (up 35 %) all saw significant year-over-year growth (up 30 %). This is unsurprising, given the 17 % increase in data breaches observed in 2021 compared to 2020. (ITRC).

With the high-profile occurrences involving ransomware, supply chain attacks, the exploitation of key systems vulnerabilities, and the new focus on cryptocurrency theft from last year, interest in cybersecurity subjects is likely to continue to rise in 2022 and beyond.

The VP of emerging technology content O’Reilly, Mike Loukides said, “Analysing annual trends in technology usage helps our community stay abreast of emerging technology areas—whether it’s learning about software architecture for the cloud, mastering new languages to support cryptocurrency, or productizing AI. These valuable insights empower software developers, data scientists, and other practitioners to begin the hard work of taking emerging technologies and deploying them as real-world solutions.”  

Ransomware Families Evolve with New Attacking Methods

Ivanti, Cyber Security Works and Cyware released a report that identified 32 new ransomware families in 2021, bringing the total to 157, a 26% increase from the previous year.

The report also found that these ransomware groups will continue to target unpatched vulnerabilities and weaponize zero-day vulnerabilities in record time to instigate disabling attacks. Simultaneously, they are broadening their attack spheres and devising new ways to compromise organisational networks and launch high-impact attacks with impunity.

Srinivas Mukkamala, SVP of Security Products at Ivanti, said: “Ransomware groups are becoming more sophisticated, and their attacks more impactful. These threat actors are increasingly leveraging automated tool kits to exploit vulnerabilities and penetrate deeper into compromised networks. They are also expanding their targets and waging more attacks on critical sectors, disrupting daily lives and causing unprecedented damage. Organizations need to be extra vigilant and patch weaponized vulnerabilities without delays. This requires leveraging a combination of risk-based vulnerability prioritization and automated patch intelligence to identify and prioritize vulnerability weaknesses and then accelerate remediation.”

Anuj Goel, CEO at Cyware, said, “The substantive change we’ve observed across the ransomware landscape is that the attackers are looking to penetrate processes like patch deployment as much as they look for gaps in protection to penetrate systems. Vulnerability discovery must be met with an action that treats vulnerability data as intelligence to drive swift response decisions. As ransomware gangs operationalize their tooling, methods and target lists, its essential for SecOps teams to automate processes to self-heal vulnerable assets and systems to mitigate risk through real-time intelligence operationalization.”