Qualys to Throw the Spotlight on Cybersecurity Automation at GISEC 2022
Qualys, Inc. has announced it will participate at GISEC 2022 under the theme of “Securing Your Digital Transformation with Cybersecurity Automation”. Regional media outlets have catalogued a sharp surge in cyberattacks since the beginning of the COVID-19 pandemic. In the first half of 2021, malware attacks across the Middle East were up almost 17% on the year-earlier period. Kuwait, Bahrain, Egypt, and Qatar were among the hardest hit and Oman alone saw a 67% increase in incidents.
“As organizations continue to accelerate their digital transformation journeys, they must adapt their threat postures to cover newly adopted technologies and methodologies such as containers, DevOps, mobility, IoT, OT and cloud, while maintaining their traditional data centers,” said Hadi Jaafarawi, Managing Director, Middle East, Qualys. “Qualys’ cloud platform, with its suite of security applications, delivers an indispensable capability to gain visibility across the entire infrastructure, and enhance remediation efforts.”
At GISEC 2022, Qualys will showcase its latest innovations and offer 30-day trials to interested delegates. A key message for the company this year will be the benefits of automation within the cybersecurity function. Automation allows organizations to gain rich visibility across hybrid multi-cloud environments and identify vulnerabilities and suspicious activity.
Automation is also a powerful means to sift through data quickly and offer real-time insights with less false positives, meaning security teams can detect, manage, and resolve vulnerabilities, leading to faster remediation. Additionally, when using machine intelligence to take over manual and repetitive tasks from human agents, security professionals can turn their skills to more complex and innovative tasks, such as hunting more elusive attacks or collaborating with line of business on strategy and policy.
Visitors to the Qualys booth will get a chance to speak with technical experts about Qualys’ full solution portfolio, including:
- Qualys CyberSecurity Asset Management (CSAM) — an asset management solution that enables security teams to reduce the ‘threat debt’ by continuously inventorying assets, applying business criticality and risk context, detecting security gaps like unauthorized or EOL software and responding with appropriate actions to mitigate risk.
- Qualys Vulnerability Management Detection and Response (VMDR) — a single-console platform for the discovery, assessment, prioritization, and patching of critical vulnerabilities in real time, across global hybrid-IT landscapes. This year, Qualys will be highlighting VMDR’s recently added Advanced Remediation capability, which allows organizations to fix asset misconfigurations, patch operating systems and third-party applications, and deploy custom software.
- Qualys Context XDR — the industry’s first context-aware XDR solution that combines rich asset inventory and vulnerability context, network and endpoint telemetry from Qualys sensors, along with high-quality threat intelligence and third-party log data to identify threats quickly and reduce alert fatigue.
Away from the company’s stand, Tarek Naja, security architect for the Middle East at Qualys will give a talk on GISEC’s Dark Stage focused on Azure Active Directory Hacking. The session will cover the main methods used by threat actors to perform reconnaissance, get a foot hold, maintain access, escalate privileges and pivot between on-prem and the cloud.
Jaafarawi added, “The region’s threat landscape never sleeps. Bad actors keep learning. And organizations continue to suffer from IT and security skills gaps. This confluence of factors calls for a renewed look at automation as the best means of securing digital boundaries. GISEC is the region’s preeminent venue for cybersecurity vendors to build awareness around their solutions and innovations. The strong support and participation by UAE government authorities is a huge boon for the event, and Qualys is looking forward to being part of the conversation around how we strengthen our defenses and mitigation options in the days ahead.”
At GISEC 2022, Qualys will exhibit at Stand C47.
A Total of 13 Organizations in 9 Countries Fall Victim to “Dark Pink”
Group-IB has today published a new update into the APT (advanced persistent threat) group codenamed Dark Pink, revealing that a total of 13 organizations in 9 countries have now fallen victim to this malicious actor. Dark Pink’s operations were detailed in depth by Group-IB’s Threat Intelligence unit in a January 2023 blog post, and at this time, researchers linked the group to attacks on 7 organizations in the Asia-Pacific region and 1 in Europe. Group-IB experts have since discovered 5 new Dark Pink victims, and the geographic scope of the group’s operations is wider than previously thought, as organizations in Brunei, Thailand, and Belgium were all hit by Dark Pink attacks.
Continued analysis has revealed that this group is still active, as Dark Pink attacked a government ministry in Brunei this past January and a government agency in Indonesia as recently as April 2023. Additionally, Group-IB researchers were able to attribute three other attacks from 2022 to this particular APT group. The initial access vector for Dark Pink attacks continues to be spear-phishing emails, and Group-IB researchers noted in their January 2023 blog that the group utilized an almost-entirely custom toolkit to exfiltrate files and messenger data from infected devices and networks.
Since then, Group-IB experts can reveal that Dark Pink APT has updated many of these custom tools, changing their functionalities in order to allow the group to slip undetected past defense mechanisms of cybersecurity systems. For example, the group’s custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is still stored on the filesystem of infected devices, but it is now divided into two distinct parts — one that controls the device and the other that steals sensitive data. Dark Pink also continues to use an MSBuild utility to launch KamiKakaBot in the infection chain.
Group-IB’s Threat Intelligence unit has discovered Dark Pink’s new account on GitHub, which was created as soon as the first information about the APT group was published in the public domain this past January. The threat actors can issue commands to infected machines to download files from this GitHub account, and Group-IB researchers found 12 commits to the new account performed between January 9 and April 11, 2023.
Recent attacks have also seen the group exfiltrate stolen data over a HTTP protocol using Webhook service, and they have also leveraged functionalities of an MS Excel add-in to ensure the persistence of TelePowerBot (a simpler version of KamiKakaBot written in PowerShell). In line with Group-IB’s zero-tolerance policy to cybercrime, all confirmed and potential victims of Dark Pink attacks were issued with proactive warnings.
“Dark Pink APT shows no sign of slowing down,” Andrey Polovinkin, Malware Analyst at Group-IB, said. “APT groups are renowned for their responsiveness and ability to adapt their custom tools to continually avoid detection, and Dark Pink is no exception. The profile of the affected targets underscores the significant danger that Dark Pink poses for both public- and private-sector actors. Group-IB will continue to analyze all Dark Pink activity and ensure that confirmed and potential victims are informed.”
Acronis Launches Endpoint Detection and Response
Acronis has announced the general availability of Acronis Advanced Security + Endpoint Detection & Response (EDR) for Acronis Cyber Protect Cloud. With new capabilities such as AI-based attack analysis, Acronis EDR reduces complexity and simplifies workflows for a more streamlined operation, making it easier than ever for MSPs and the businesses they serve to deploy comprehensive security and data protection. With more organizations turning to MSPs for their backup and security needs, and with a greater need for simplicity and efficiency, Acronis EDR aims to expand the adoption of advanced security capabilities, helping organizations of all sizes better protect themselves.
“With the proliferation of endpoints and increasing frequency of cyber threats, EDR has become a mission-critical tool in incident response and the fight for data protection. But solutions that are difficult to deploy and maintain are an obstacle,” said Research Vice President of Security and Trust Michael Suby at IDC. “The best solutions deliver the advanced security of EDR and meet the needs of the IT professionals who use it. That means easy deployments and rapid detection, response, and recovery with AI and automation on board.”
Acronis EDR offers the broadest number of out-of-the-box recovery options that take advantage of the integration with Acronis Cyber Protect’ backup and recovery, endpoint management, and endpoint security capabilities. Designed for Managed Service Providers (MSPs), it allows them to quickly and easily analyze and prioritize security incidents, minimize downtime, and maintain business continuity while keeping their clients safe and protected.
“Other EDR tools can be over-complicated and force MSPs into expensive, time-consuming processes to implement and understand. Acronis EDR delivers a robust EDR solution that is easy to deploy and use while following industry-established standards like the NIST cybersecurity framework and mapping to the MITRE ATT&CK framework,” said Candid Wüest, VP of Research at Acronis. “By rapidly understanding attack analysis and impact, Acronis EDR users can quickly evaluate a potential threat, gain insight into how an attacker gained access, what damage was caused, and how the attack might spread.”
Acronis EDR delivers:
- Optimized Incident Analysis to quickly and easily analyze and prioritize security incidents and potential attacks without relying on costly security expertise or time-consuming processes.
- Integrated Security with Backup & Recovery, for comprehensive protection critical to minimizing downtime and maintaining business continuity in the event of an attack.
- A Complete Cyber Protection Solution in a single agent — simple for MSPs to deploy, manage, and scale — that eliminates the cost, complexity, and security gaps inherent in multiple-point solutions.
“As a cybersecurity expert, I have witnessed firsthand the evolution of EDR and how it has revolutionized the way we approach security,” said Eric O’Neill, former FBI counterintelligence operative. “EDR allows security personnel to efficiently investigate, remediate, and recover from potential incidents while also reducing the attack surface and threat actor dwell time. The latest advances in EDR technology allow for rapid analysis of attack changes, shortened time to respond to incidents, and better business continuity for all organizations.”
Fake ChatGPT Apps Scam Users Out of Thousands of Dollars, Says Sophos
Sophos has announced that it had uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users and bring in thousands of dollars a month. As detailed in Sophos X-Ops’ latest report, “’FleeceGPT’ Mobile Apps Target AI-Curious to Rake in Cash,” these apps have popped up in both the Google Play and Apple App Store, and, because the free versions have near-zero functionality and constant ads, they coerce unsuspecting users into signing up for a subscription that can cost hundreds of dollars a year.
“Scammers have and always will use the latest trends or technology to line their pockets. ChatGPT is no exception. With interest in AI and chatbots arguably at an all-time high, users are turning to the Apple App and Google Play Stores to download anything that resembles ChatGPT. These types of scam apps—what Sophos has dubbed ‘fleeceware’—often bombard users with ads until they sign up for a subscription. They’re banking on the fact that users won’t pay attention to the cost or simply forget that they have this subscription. They’re specifically designed so that they may not get much use after the free trial ends, so users delete the app without realizing they’re still on the hook for a monthly or weekly payment,” said Sean Gallagher, principal threat researcher, Sophos.
In total, Sophos X-Ops investigated five of these ChatGPT fleeceware apps, all of which claimed to be based on ChatGPT’s algorithm. In some cases, as with the app “Chat GBT,” the developers played off the ChatGPT name to improve their app’s ranking in the Google Play or App Store. While OpenAI offers the basic functionality of ChatGPT to users for free online, these apps were charging anything from $10 a month to $70.00 a year. The iOS version of “Chat GBT,” called Ask AI Assistant, charges $6 a week—or $312 a year—after the three-day free trial; it netted the developers $10,000 in March alone. Another fleeceware-like app, called Genie, which encourages users to sign up for a $7 weekly or $70 annual subscription, brought in $1 million over the past month.
The key characteristics of so-called fleeceware apps, first discovered by Sophos in 2019, are overcharging users for functionality that is already free elsewhere, as well as using social engineering and coercive tactics to convince users to sign up for a recurring subscription payment. Usually, the apps offer a free trial but with so many ads and restrictions, they’re barely useable until a subscription is paid. These apps are often poorly written and implemented, meaning app function is often less than ideal even after users switch to the paid version. They also inflate their ratings in the app stores through fake reviews and persistent requests of users to rate the app before it’s even been used or the free trial ends.
“Fleeceware apps are specifically designed to stay on the edge of what’s allowed by Google and Apple in terms of service, and they don’t flout the security or privacy rules, so they are hardly ever rejected by these stores during the review. While Google and Apple have implemented new guidelines to curb fleeceware since we reported on such apps in 2019, developers are finding ways around these policies, such as severely limiting app usage and functionality unless users pay up. While some of the ChatGPT fleeceware apps included in this report have already been taken down, more continue to pop up—and it’s likely more will appear. The best protection is education. Users need to be aware that these apps exist and always be sure to read the fine print whenever hitting ‘subscribe.’ Users can also report apps to Apple and Google if they think the developers are using unethical means to profit,” said Gallagher.