Market Research

Fortinet Outs its Inaugural Sustainability Report

Fortinet today announced its inaugural Sustainability Report, detailing the company’s sustainability strategic framework, initiatives, and key performance metrics. The company plans to share updated progress on an annual basis.

“At Fortinet, we understand the importance of making sustainability integral to our business model,” said Barbara Maigret, Global Head of Sustainability & CSR at Fortinet. “2021 was the year for defining our strategy and planning the company’s journey for the medium- to long-term. With our inaugural sustainability report, we aim to increase transparency on progress to date and allow our stakeholders – including customers, partners, employees, suppliers, shareholders, and communities – to better understand our corporate social responsibility approach, leading with ambition towards a more sustainable world and safer internet.”

Following a materiality assessment conducted in 2021 to identify and prioritize the Environmental, Social, and Governance (ESG) issues that are most significant to Fortinet’s business and to its stakeholders, the company defined the following four main areas of impact:

  • Innovating for a safe internet: Fortinet is committed to advancing cybersecurity, driving digital progress, and creating a trustworthy and safe digital world. The company delivers on this commitment through innovation, community engagement, and partnerships. Fortinet has continued to innovate on the industry’s broadest portfolio of cybersecurity solutions, adding eight new product families in 2021 alone. Fortinet also regularly engages with numerous industry associations and groups, contributing to standardization and interoperability while also sharing actionable threat intelligence with organizations such as the Cyber Threat Alliance (CTA), the World Economic Forum (WEF)’s Center for Cybersecurity, and INTERPOL. Through these partnerships, Fortinet is working to combat cybercrime and help mitigate future cyberthreats.
  • Respecting the environment: Fortinet is committed to environmentally responsible behavior by reducing the footprint of its products and solutions, adopting responsible approaches to its daily business operations, and helping its broader value chain progress toward circularity. In 2021, Fortinet publicly announced its commitment to carbon neutrality by 2030 using renewable energy, energy and carbon efficiency methodologies, and emission offset programs. This target is relative to Scope 1 and Scope 2 emissions resulting from the company’s owned facilities worldwide, in alignment with the Science-Based Target Initiative (SBTi). Fortinet’s other environmental efforts include the introduction of biodegradable packaging to the company’s first class of products, reduction of the company’s waste, and reduction in energy consumption. Through these initiatives, the company ensures that each generation of Fortinet products consumes less energy than the prior generation. This is the case with the FortiGate F series, where energy consumption has been reduced by an average of 61%.
  • Growing an inclusive cybersecurity workforce: Fortinet is committed to fostering a diverse, equitable, and inclusive culture. Fortinet’s team represents a broad range of cultures, demographics, and professional backgrounds, enriching the company culture and driving its success. As part of its ongoing commitment to transparency and to bringing more women into the cyber workforce, the company has released its workforce data in 2021 and highlighted an increase of 71.6% in its women hires compared to 2020. Fortinet is also focused on reducing the cybersecurity skills gap across a wide and diverse range of audiences. The company is committed to raising awareness of the benefits of cybersecurity careers and improving opportunities for under-represented groups through its Education Outreach program and training offered through the Fortinet Training Institute. As a result, in 2021, Fortinet bolstered its commitment to address the cybersecurity skills gap by pledging to train one million people globally across the next five years.
  • Promoting responsible business: Fortinet employs corporate governance practices to do business ethically and work diligently to ensure compliance with all laws and respect for human rights. Those practices are overseen by Fortinet’s Board of Directors and reviewed by our internal cross-functional Ethics Committee. We expect our employees, suppliers, and partners to do their part in helping us build a highly ethical and reputable business by understanding and complying with all of Fortinet’s policies, including our anti-corruption policy, our Code of Business Conduct and Ethics, and our privacy policy. Fortinet has issued a dedicated Human Rights Policy to reinforce its commitment to responsible product use and ethical business across its value chain.

Fortinet’s Sustainability Report references the Global Reporting Initiative (GRI) Standards, Sustainability Accountability Standards Board (SASB) Standards, and the United Nations Sustainable Development Goals (UN SDGs). The report provides details and metrics on the following eight priority issues: cybersecurity risks to society; information security & privacy; product environmental impacts; environmental management & climate change impacts; diversity, equity, and inclusion; cybersecurity skills gap; business ethics; and responsible product use.

Cyber Security

Group-IB Unveils Unified Risk Platform

Group-IB has today unveiled the Unified Risk Platform, an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time. Every product and service in Group-IB’s now consolidated security suite is enriched with information from a Single Data Lake, which contains 60 types of sources of adversary intelligence. The Unified Risk Platform automatically configures your Group-IB defenses with the precise insights needed to provide the best possible defense against targeted attacks on the infrastructure and endpoints, breaches, fraud, brand, and IP abuse.

“At the heart of the Unified Risk Platform is a Single Data Lake that has the most complete and detailed insight into threat actors. Group-IB has collected the industry’s broadest range of adversary intelligence, with 60 types of sources across 15 categories,” the company said in a statement.

The data is gathered by and exclusive to Group-IB, providing customers with unprecedented visibility of threat actors’ operations. The raw data is enriched with context, converted into actionable intelligence, and added to Group-IB’s Single Data Lake. The patented technology is continuously refined by state-of-the-art research, science, and modeling conducted by Group-IB’s dedicated analyst teams spanning 11 cybersecurity disciplines.

The modular architecture of the Unified Risk Platform allows additional capabilities to be easily activated, providing increased protection from cybercrime without friction. A range of out-of-the-box integrations and flexible APIs enable the Unified Risk Platform to easily enhance any existing security ecosystem. When organisations need specialist support, Group-IB’s comprehensive suite of services is available for any purpose, from one-off red teaming exercises or incident response to in-life managed detection and response.

In addition to the services, every Group-IB product is powered by the platform to provide complete coverage of the Cyber Response Chain:

  • Group-IB Threat Intelligence provides deep insight into adversary behaviors. Threat Intelligence was independently evaluated as creating a 10% increase in team efficiency over alternative vendors and in a case study generated a 339% return on investment.
  • Group-IB Managed XDR enables organizations to respond 20% faster to threats according to an analyst study.
  • Group-IB Digital Risk Protection allows organizations to reduce the risk of brand abuse, piracy, data leaks, and more with best-in-breed protection. Group-IB has been benchmarked as detecting pirated content in 30 min on average and taking down 80% of the content within 7 days.
  • Fraud Protection was calculated by consultants to reduce the rate of false-positive fraud cases by 20% and enable 10% to 20% more fraud attempts to be detected and prevented. Furthermore, Group-IB identified 30% more one-time password fraud.
  • Attack Surface Management continuously discovers external assets to identify shadow IT, forgotten infrastructure, misconfigurations, and other hidden risks. As part of the Unified Risk Platform, the solution provides a threat actor’s view of the attack surface so that weak spots can be quickly and proactively strengthened.
  • Business Email Protection defends corporate email from sophisticated attacks. The solution monitors for indicators of compromise, identifies malicious behavioral markers, and extracts artifacts to identify risky emails before they reach their destination.

Cyber Security

Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23

Executive performance evaluations will be increasingly linked to the ability to manage cyber risk; almost one-third of nations will regulate ransomware response within the next three years; and security platform consolidation will help organizations thrive in hostile environments, according to the top cybersecurity predictions revealed by Gartner, Inc. today.

In the opening keynote at the Gartner Security & Risk Management Summit in Sydney, Richard Addiscott, Senior Director Analyst, and Rob McMillan, Managing Vice President at Gartner, discussed the top predictions prepared by Gartner cybersecurity experts to help security and risk management leaders be successful in the digital era.

“We can’t fall into old habits and try to treat everything the same as we did in the past,” said Addiscott. “Most security and risk leaders now recognize that major disruption is only one crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program, and our architecture.” Gartner recommends that cybersecurity leaders build the following strategic planning assumptions into their security strategies for the next two years.

Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP. As of 2021, almost 3 billion individuals had access to consumer privacy rights across 50 countries, and privacy regulation continues to expand. Gartner recommends that organizations track subject rights request metrics, including cost per request and time to fulfill, to identify inefficiencies and justify accelerated automation.

By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access from a single vendor’s SSE platform. With a hybrid workforce and data everywhere accessible by everything, vendors are offering an integrated security service edge (SSE) solution to deliver consistent and simple web, private access, and SaaS application security. Single-vendor solutions provide significant operational efficiency and security effectiveness compared with best-of-breed solutions, including tighter integration, fewer consoles to use, and fewer locations where data must be decrypted, inspected, and re-encrypted.

60% of organizations will embrace Zero Trust as a starting point for security by 2025. More than half will fail to realize the benefits. The term zero trust is now prevalent in security vendor marketing and in security guidance from governments. As a mindset — replacing implicit trust with identity- and context-based risk-appropriate trust — it is extremely powerful. However, as zero trust is both a security principle and an organizational vision, it requires a cultural shift and clear communication that ties it to business outcomes to achieve the benefits.

By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements. Cyberattacks related to third parties are increasing. However, only 23% of security and risk leaders monitor third parties in real-time for cybersecurity exposure, according to Gartner data. As a result of consumer concerns and interest from regulators, Gartner believes organizations will start to mandate cybersecurity risk as a significant determinant when conducting business with third parties, ranging from simple monitoring of a critical technology supplier to complex due diligence for mergers and acquisitions.

By 2025, 30% of nation-states will pass legislation that regulates ransomware payments, fines, and negotiations, up from less than 1% in 2021. Modern ransomware gangs now steal data as well as encrypt it. The decision to pay the ransom or not is a business-level decision, not a security one. Gartner recommends engaging a professional incident response team as well as law enforcement and any regulatory body before negotiating.

By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties. Attacks on OT – hardware and software that monitors or controls equipment, assets, and processes – have become more common and more disruptive. In operational environments, security and risk management leaders should be more concerned about real-world hazards to humans and the environment, rather than information theft, according to Gartner.

By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest, and political instabilities. The COVID-19 pandemic has exposed the inability of traditional business continuity management planning to support the organization’s response to a large-scale disruption. With continued disruption likely, Gartner recommends that risk leaders recognize organizational resilience as a strategic imperative and build an organization-wide resilience strategy that also engages staff, stakeholders, customers, and suppliers.

By 2026, 50% of C-level executives will have performance requirements related to risk built into their employment contracts. Most boards now regard cybersecurity as a business risk rather than solely a technical IT problem, according to a recent Gartner survey. As a result, Gartner expects to see a shift in formal accountability for the treatment of cyber risks from the security leader to senior business leaders.

Cyber Security

The Conti Enterprise: Ransomware Gang that Published Data Belonging to 850 Companies

Group-IB has today presented its findings of ARMattack, one of the shortest yet most successful campaigns by the Russian-speaking ransomware gang Conti. In slightly more than a month, the notorious ransomware collective compromised more than 40 companies worldwide. The fastest attack took only three days according to Group-IB’s report “CONTI ARMADA: ARMATTACK CAMPAIGN”. In two years, the ransomware operators attacked more than 850 victims including corporations, government agencies, and even a whole country. The research dives deep into the history and major milestones of one of the most aggressive and organized ransomware operations.

Conti is considered one of the most successful ransomware groups. The gang’s existence first came to light in February 2020, when malicious files with the extension “.conti” appeared on the radar of Group-IB researchers. However, the initial test versions of the malware date back to November 2019. Since 2020, Conti has been dominating the ransomware scene alongside Maze and Egregor in terms of the number of companies whose data has been encrypted.

In 2020, Conti published data belonging to 173 victims on their dedicated leak site (DLS). By the end of 2021, Conti came out on top as one of the largest and most aggressive groups, having published data belonging to 530 companies on its DLS. In just four months in 2022, the group posted information belonging to 156 companies, making for a total of 859 DLS victims in two years, including 46 in April 2022. The actual number of victims is believed to be significantly higher.

Conti and their affiliates attack often and quickly. Group-IB experts analyzed one of the group’s lightning-fast and most productive campaigns, codenamed “ARMattack”. The campaign lasted only about a month (from November 17 to December 20, 2021), but it turned out to be extremely effective. The attackers compromised more than 40 organizations worldwide. Most attacks were carried out in the US (37%), but the campaign also surged through Europe, with victims in Germany (3%), Switzerland (2%), the Netherlands, Spain, France, the Czech Republic, Sweden, and Denmark (1% each). The group also attacked organizations in the UAE (2%) and India (1%).

Historically, the top five industries most frequently targeted by Conti are manufacturing (14%), real estate (11.1%), logistics (8.2%), professional services (7.1%), and trade (5.5%). After gaining access to a company’s infrastructure, the threat actors exfiltrate specific documents (most often to determine what organization they are dealing with) and look for files containing passwords (both plaintext and encrypted). Lastly, after acquiring all the necessary privileges and gaining access to all the devices they are interested in, the hackers deploy ransomware to all the devices and run it.

According to the Group-IB Threat Intelligence team, the gang’s fastest attack was carried out in exactly three days, from initial access to data encryption. Group-IB for the first time analyzed Conti’s “working hours”. Most likely, the group members are located in different time zones; however, the schedule shows their high efficiency: on average, Conti “works” 14 hours a day without holidays (except for “New Year holidays”) and weekends. The group starts working closer to noon (GMT+3) and its activity declines only after 9:00 PM.

The geography of Conti’s attacks is vast but does not include Russia. The group clearly adheres to the unspoken rule among Russian-speaking cybercriminals: do not attack Russian companies. Most attacks occur in the United States (58.4%), followed by Canada (7%), the United Kingdom (6.6%), Germany (5.8%), France (3.9%), and Italy (3.1%).

Another reason behind not targeting Russian companies is that key Conti members refer to themselves as “patriots”. This fact was the cause of an “internal conflict” in the group in February 2022, which resulted in some of Conti’s valuable information being leaked online. The published data included private chat logs, the servers they use, a list of victims, and details of Bitcoin wallets, which stored over 65,000 BTC in total. The leaked chats revealed that the group had faced serious financial difficulties and that their boss had gone off the radar. Yet its members were fully prepared to restart the project after 2 to 3 months.

Despite the “stab in the back” and increased attention from law enforcement, Conti’s appetites continued to increase. They attacked not only large companies, but entire countries as well. Conti’s “cyber war” against Costa Rica in April 2022 led to a state of emergency being declared. Conti has worked closely with other ransomware operators such as Ryuk, Netwalker, LockBit, and Maze. They even tested Maze’s ransomware, reverse-engineered it, and thereby significantly improved their own. An analysis of the ARMattack campaign revealed that the group’s arsenal included not only previously described Windows tools, but also Linux ransomware: Conti and Hive.

That said, the group tends to create unique tools without reusing code snippets. This way, when compared, the code for their tools will not help identify common patterns. Before the chat logs were leaked, cybersecurity researchers could only assume that some RaaS (Ransomware-as-a-Service) affiliate programs were in fact Conti divisions. At the same time, the interaction was extensive. Sometimes Conti used network access from other initial access brokers; other times the gang shared their own access for a modest 20% of the revenue.

Just like a legitimate IT business, Conti has its own HR, R&D, and OSINT departments. There are team leads, regular salary payments, and an incentive program. One of Conti’s distinctive features is using new vulnerabilities, which helps the group gain initial access. For instance, Conti was seen exploiting the recent CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105 vulnerabilities in the log4j module.

Less than a week later, Conti exploited these vulnerabilities to attack vCenter servers. The leaked chat logs also showed that the group monitors fresh vulnerabilities carefully. One of the tasks from Conti’s CEO to the technical team was to monitor Windows updates and analyze changes made with new patches — which once again highlights the need to install updates as soon as possible. In addition, the Conti crew includes specialists with experience in discovering zero-days.

“Conti’s increased activity and the data leak suggest that ransomware is no longer a game between average malware developers, but an illicit RaaS industry that gives jobs to hundreds of cybercriminals worldwide with various specializations,” says Ivan Pisarev, Head of Dynamic Malware Analysis Team at Group-IB’s Threat Intelligence department. “In this industry, Conti is a notorious player that has in fact created an “IT company” whose goal is to extort large sums. It is difficult to predict what will happen to Conti in the future: whether it will continue working after a large-scale rebranding or be divided into smaller sub-projects. It is clear, however, that the group will continue its operations, either on its own or with the help of its “subsidiary” projects.”


Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.