Connect with us

News

NETSCOUT Highlights Cyberthreats to Watch Out for in 2023

Published

on

NETSCOUT has revealed its top security trends to watch out for in 2023. Based on recent data, the company has predicted that geopolitical unrest, the evolution of ransomware, and the growing popularity of Adaptive DDoS, Direct-Path DDoS, and Outbound and Cross-bound DDoS attacks will have a significant impact on the security industry in 2023.

Emad Fahmy, Systems Engineering Manager Middle East at NETSCOUT, explained, “In the world of cybercrime, innovation is a constant. By constantly innovating and adapting, attackers are designing new, more effective attack vectors or doubling down on existing effective methodologies. Although the future is always difficult to predict, one thing is certain, cyber-attacks will not subside. Moreover, when it comes to cyber-attacks, no business sector is off-limits. Cybercriminals target regional businesses of all sizes and in all sectors, whether public or private.”

Geopolitical Unrest
Although distributed denial-of-service (DDoS) attacks have steadily increased over the past 20 years, recent data firmly establishes the reality that network operators need to understand, prepare for, and expect attacks related to politics, religion, and ideology. Nation-state actors often directly target internet infrastructure to take out critical communications, e-commerce, and other vital infrastructure dependent on internet connectivity. This, of course, means targeting internet service provider (ISP) networks to limit internet connectivity.

Further, nation-states typically possess vastly greater resources at their disposal than other malicious actors. Every year, they create new DDoS attack vectors, proving that they are constantly innovating and exploring new, more potent attack methods. As DDoS defenses become more precise and effective, attackers continue to develop new DDoS attack vectors and methodologies to circumvent these defenses. These advanced techniques invariably find their way into the hands of criminal gangs and even individual hackers, who turn them against any entity from whom they can profit.

Ransomware
Ransomware attacks have posed a significant threat to businesses and individuals in recent years and will continue to evolve and become more sophisticated in 2023. One trend that will continue to evolve is the use of ransomware in combination with other attacks, such as supply chain attacks. It is also likely that malicious actors will continue to target specific industries or types of organizations with ransomware attacks, specifically to maximize their profits. For example, hospitals and other healthcare organizations have been particularly vulnerable to ransomware attacks in the past because, with lives at stake, they may be more willing to pay a ransom to regain access to critical systems and data.

Another ransomware trend that will continue in 2023 is the use of triple extortion attacks. These campaigns begin by infiltrating a network and stealing valuable assets, such as trade secrets, source codes, credit cards, authentication credentials, and other personally identifiable information (PII). In phase two, ransomware is planted to encrypt valuable data or even entire storage systems. At this point, cybercriminals will demand a ransom in exchange for decryption keys. If the victim refuses to pay the ransom, perhaps because they could simply restore good backups, the threat actors then threaten to release sensitive data publicly if the ransom is not met.

This form of attack has been around for several years and can add additional pressure on the victim because the potential repercussions of the data being released to the public can be severe. While the first two actions can be invisible to the public, the third phase cannot escape publicity. Finally, a DDoS attack or even the threat of such turns the pressure up to the max. If the ransom is not paid, DDoS can take down an organization’s internet presence, thus exposing the entirety of the security threat and failure to protect valuable assets.

Adaptive DDoS
In an adaptive DDoS attack, adversaries conduct extensive pre-attack reconnaissance to identify specific elements of the service delivery chain to target. They are increasingly employing botnet nodes and reflectors/amplifiers that are closer to the target, a trend recently observed in botnet attacks on Ukraine. This minimizes the number of boundaries that DDoS attack traffic must traverse, often resulting in fewer opportunities to detect and mitigate the attack. The combination of increased available bandwidth and throughput increased populations of abusable devices, and adaptive DDoS attack techniques magnify the threat to network operators. As such, network operators should move from a default posture of DDoS mitigation to a new posture of DDoS suppression.

Direct-Path DDoS Attacks
Direct flooding and application-layer DDoS attacks are becoming more popular as anti-spoofing efforts increase globally, making it more difficult for spoofed packets to travel across the internet. Old techniques have become popular again as this methodology returns from the past, back before reflection/amplification attacks dominated the landscape. Enhanced for the modern network, these attacks now come from much more powerful sources, such as cloud-based infrastructure with massive computing and bandwidth resources. Further, adversaries are compromising hosts much closer to the target, thus avoiding many layers of transit, potential discovery, and mitigation. Because of this, organizations must beware of the enemy within.

Outbound and Cross-bound DDoS Attacks
Those are not the only threats coming from within – DDoS attack traffic is increasingly originating from within the network it is targeting, thus avoiding ingress and transit points. DDoS defenses traditionally have been focused on protecting internet properties and networks by implementing detection and mitigation technologies at points of convergence for inbound network traffic. This approach worked well to protect targeted organizations and networks from inbound DDoS attacks; however, outbound and cross-bound DDoS attacks can be just as devastating and disruptive as inbound attacks. Because of adversary innovation and adaption, defenders must change their way of thinking and, in turn, adapt to the current threat landscape.

Cyber Security

ManageEngine Intros Enhanced SIEM with Dual-Layered System for Better Precision in Threat Detection

Published

on

ManageEngine, the enterprise IT management division of Zoho Corporation, today unveiled the industry’s first dual-layered threat detection system in its security information and event management (SIEM) solution, Log360. The new feature, available in Log360’s threat detection, investigation and response (TDIR) component, Vigil IQ, empowers security operations centre (SOC) teams in organizations with improved accuracy and enhanced precision in threat detection.

A quality SOC ensures people, processes, and cutting-edge technology function well. However, enterprise security is made difficult by staffing shortages and solution orchestration complexities. Following recent upgrades to the security analytics module of Log360 designed to facilitate SOC optimization through key performance metric monitoring, the company has focused on addressing pressing challenges in security operations.

“In a recent ManageEngine study, a majority of respondents revealed that their SOCs are understaffed. These resource-constrained SOCs grapple with significant obstacles, such as process silos and manual investigation of alerts, which are often non-threats, low-priority issues or false positives. These lead to extended detection and response times for actual threats. To overcome these challenges, we recognize the imperative adoption of AI & ML for contextual event enrichment and rewiring threat detection logic,” said Manikandan Thangaraj, vice president at ManageEngine.

“We pioneered a dual-layered, ML approach to heighten the precision and consistency of threat detection. First, Vigil IQ ensures genuine threats are discerned from false positives. Second, the system facilitates targeted threat identification and response. This advanced system significantly improves the accuracy of identifying threats, streamlining the detection process and allowing SOC analysts to focus their valuable time on investigating real threats.”

Key Features of the Dual-Layered Threat Detection System of Vigil IQ in Log360:
Smart Alerts: Vigil IQ, the TDIR module of Log360, now combines the power of both accuracy and precision in threat detection. With its dynamic learning capability, Vigil IQ adapts to the changing nature of network behaviour to cover more threat instances accurately. It will spot threats that get overlooked due to manual threshold settings, thereby improving the detection system’s reliability.

Proactive Predictive Analytics: Leveraging predictive analytics based on historical data patterns, Vigil IQ predicts potential security threats, facilitating the implementation of proactive measures before incidents occur. This predictive intelligence drastically reduces the mean time to detect (MTTD) threats.

Contextual Intelligence: Vigil IQ enriches alerts with deep contextual information, providing security analysts with comprehensive threat insights. This enrichment of alerts with non-event context accelerates the mean time to respond (MTTR) by delivering pertinent, precise information.

Continue Reading

News

Proofpoint Appoints Sumit Dhawan as Chief Executive Officer

Published

on

Proofpoint has announced that Sumit Dhawan has been appointed chief executive officer, effective immediately. Rémi Thomas, Proofpoint’s chief financial officer, who has been acting as Proofpoint’s interim CEO since October 25th, will continue to serve as the company’s CFO. “The Proofpoint board of directors could not be more excited to partner with Sumit as he joins Proofpoint to usher in a new stage of growth,” said Seth Boro, managing partner at Thoma Bravo. “Sumit brings a wealth of valuable experience and expertise in building category-leading, scaled companies and businesses. We are confident his customer-centric passion and strong legacy of leadership will continue to carry Proofpoint’s mission forward in providing people-centric cybersecurity solutions that address some of the most challenging risks facing organizations today.”

Dhawan is a highly respected and seasoned technology leader with a proven track record of building market-leading security, cloud, and end-user computing businesses. In his most recent role as president of VMware, Dhawan was responsible for driving over $13B of revenue and led the company’s go-to-market functions including worldwide sales, customer success and experience, strategic ecosystem, industry solutions, marketing, and communications. Before that, he was chief executive officer of Instart, a cybersecurity business delivering innovations in web application security services. He has held senior executive and general management roles at both VMware and Citrix and has successfully established category-leading businesses at scale.

“Over the years, Proofpoint has built an exceptional brand and is trusted by some of the world’s leading organizations as their cybersecurity partner of choice,” said Sumit Dhawan. “I’m honoured to join a leader at the forefront of cybersecurity innovation and to shepherd its continuing and unwavering commitment to helping organizations across the globe protect people and defend data.”

Proofpoint recently announced it has entered into a definitive agreement to acquire Tessian, a leader in the use of advanced AI to automatically detect and guard against both accidental data loss and evolving email threats. Tessian’s cloud-native, API-enabled inbound and outbound email protection solution will extend Proofpoint’s award-winning offering to address the most frequent form of data loss including, misdirected email and data exfiltration.

Continue Reading

Cloud

Google Clarifies the Cause of Missing Google Drive Files

Published

on

Many Google Drive users recently experienced the unsettling disappearance of their files, prompting concerns. Google has now identified the root cause, attributing the issue specifically to the Google Drive for Desktop app. While assuring that only a limited subset of users is affected, the tech giant is actively investigating the matter and promises timely updates.

To prevent inadvertent file deletion, Google provides the following recommendations:

  1. Avoid clicking “Disconnect account” within Drive for desktop.
  2. Refrain from deleting or moving the app data folder, located at:
    • Windows: %USERPROFILE%\AppData\Local\Google\DriveFS
    • macOS: ~/Library/Application Support/Google/DriveFS
  3. Optionally, create a copy of the app data folder if there is sufficient space on your hard drive.

Before Google officially addressed the issue, distressed users took to the company’s support forum to report deleted files. One user from South Korea highlighted a particularly severe case where their account reverted to May 2023, resulting in the loss of anything uploaded or created after that date. Additionally, the user emphasised that they had not synced or shared their files or drive with anyone else.

As Google delves deeper into resolving this matter, affected users are advised to heed the provided precautions. The company’s commitment to ongoing updates reflects its dedication to swiftly addressing and rectifying the situation. The incident serves as a reminder of the importance of proactive measures to safeguard digital data, especially as users navigate cloud-based platforms such as Google Drive.

Continue Reading
Advertisement

Follow Us

Trending

Copyright © 2021 Security Review Magazine. Rysha Media LLC. All Rights Reserved.