For a Successful Deployment of DevSecOps 80% of CISOs in the UAE Say Automation and AI Are Critical
Dynatrace has announced the findings of an independent global survey of 1,300 chief information security officers (CISOs) in large organizations. The research reveals that CISOs find it increasingly difficult to keep their software secure as their hybrid and multi-cloud environments become more complex, and teams continue to rely on manual processes that make it easier for vulnerabilities to slip into production environments. It also finds that the continued use of siloed tools for development, delivery, and security tasks is hindering the maturity of DevSecOps adoption.
These insights highlight the growing need for the convergence of observability and security to fuel data-driven automation that enables development, security, and IT operations teams to deliver faster, more secure innovation.
UAE-focused findings from the research include:
- 80% of CISOs in the UAE say AI and automation are critical to the success of DevSecOps and overcoming resource challenges. This point of view is heavily shared by CISOs in Qatar (96%) and Egypt (92%).
- 88% of CISOs say the time it takes between the discovery of zero-day attacks and their ability to patch every instance is a significant challenge to minimizing risk.
- 76% of CISOs say it’s a significant challenge to prioritize vulnerabilities because they lack information about the risk these vulnerabilities pose to their environment.
- 57% of the vulnerability alerts that security scanners alone flag as “critical” are not important in production, wasting valuable development time chasing down false positives.
- On average, each member of development and application security teams spends nearly a third (30%) of their time – or approximately 11 hours each week – on vulnerability management tasks that could be automated.
“Organizations are struggling to balance the need for faster innovation with the governance and security controls they established to keep their services and data safe,” said Bernd Greifeneder, Chief Technology Officer at Dynatrace. “The growing complexity of software supply chains and the cloud-native technology stacks that provide the foundation for digital innovation make it increasingly difficult to quickly identify, assess, and prioritize response efforts when new vulnerabilities emerge. These tasks have grown beyond the human ability to manage. Development, security, and IT teams are finding that the vulnerability management controls they have in place are no longer adequate in today’s dynamic digital world, which exposes their businesses to unacceptable risk.”
Additional findings include:
- 64% of CISOs say the prevalence of team silos and point solutions throughout the DevSecOps lifecycle makes it easier for vulnerabilities to slip into production.
- 88% of CISOs say they will see more vulnerability exploits if they can’t make DevSecOps work more effectively; however, just 20% of organizations have a mature DevSecOps culture.
- More than half (60%) of CISOs in the UAE say vulnerability management is more difficult because the complexity of their software supply chain and cloud ecosystem has increased.
- Only 48% of CISOs are fully confident that the software delivered by development teams has been completely tested for vulnerabilities before going live in production environments.
“Despite a widespread understanding of the many benefits of DevSecOps, most organizations remain in the early stages of adopting these practices due to siloed data that lacks context and limits analytics,” continued Greifeneder. “To overcome this, they should use solutions that converge observability and security data and are powered by trusted AI and intelligent automation. This is precisely what we architected the Dynatrace platform to do. As a result, our customers have reduced the time they spend identifying and prioritizing vulnerabilities by up to 95 percent, helping them deliver faster, more secure innovation that keeps them at the forefront of their industries.”
The report is based on a global survey of 1,300 CISOs in large organizations with more than 1,000 employees, conducted by Coleman Parkes and commissioned by Dynatrace in March 2023. The sample included respondents in the U.S., UK, France, Germany, Spain, Italy, the Nordics, UAE, Saudi Arabia, Qatar, Egypt, Australia, India, Singapore, Malaysia, Brazil, and Mexico.
A Total of 13 Organizations in 9 Countries Fall Victim to “Dark Pink”
Group-IB has today published a new update into the APT (advanced persistent threat) group codenamed Dark Pink, revealing that a total of 13 organizations in 9 countries have now fallen victim to this malicious actor. Dark Pink’s operations were detailed in depth by Group-IB’s Threat Intelligence unit in a January 2023 blog post, and at this time, researchers linked the group to attacks on 7 organizations in the Asia-Pacific region and 1 in Europe. Group-IB experts have since discovered 5 new Dark Pink victims, and the geographic scope of the group’s operations is wider than previously thought, as organizations in Brunei, Thailand, and Belgium were all hit by Dark Pink attacks.
Continued analysis has revealed that this group is still active, as Dark Pink attacked a government ministry in Brunei this past January and a government agency in Indonesia as recently as April 2023. Additionally, Group-IB researchers were able to attribute three other attacks from 2022 to this particular APT group. The initial access vector for Dark Pink attacks continues to be spear-phishing emails, and Group-IB researchers noted in their January 2023 blog that the group utilized an almost-entirely custom toolkit to exfiltrate files and messenger data from infected devices and networks.
Since then, Group-IB experts can reveal that Dark Pink APT has updated many of these custom tools, changing their functionalities in order to allow the group to slip undetected past defense mechanisms of cybersecurity systems. For example, the group’s custom KamiKakaBot module, designed to read and execute commands from the threat actors via Telegram, is still stored on the filesystem of infected devices, but it is now divided into two distinct parts — one that controls the device and the other that steals sensitive data. Dark Pink also continues to use an MSBuild utility to launch KamiKakaBot in the infection chain.
Group-IB’s Threat Intelligence unit has discovered Dark Pink’s new account on GitHub, which was created as soon as the first information about the APT group was published in the public domain this past January. The threat actors can issue commands to infected machines to download files from this GitHub account, and Group-IB researchers found 12 commits to the new account performed between January 9 and April 11, 2023.
Recent attacks have also seen the group exfiltrate stolen data over a HTTP protocol using Webhook service, and they have also leveraged functionalities of an MS Excel add-in to ensure the persistence of TelePowerBot (a simpler version of KamiKakaBot written in PowerShell). In line with Group-IB’s zero-tolerance policy to cybercrime, all confirmed and potential victims of Dark Pink attacks were issued with proactive warnings.
“Dark Pink APT shows no sign of slowing down,” Andrey Polovinkin, Malware Analyst at Group-IB, said. “APT groups are renowned for their responsiveness and ability to adapt their custom tools to continually avoid detection, and Dark Pink is no exception. The profile of the affected targets underscores the significant danger that Dark Pink poses for both public- and private-sector actors. Group-IB will continue to analyze all Dark Pink activity and ensure that confirmed and potential victims are informed.”
CISOs in the Middle East Have Dealt With Loss of Sensitive Data in the Past 12 Months, Says Proofpoint
Proofpoint, Inc., a leading cybersecurity and compliance company, today released its annual Voice of the CISO report, which explores key challenges, expectations, and priorities of chief information security officers (CISOs). The findings reveal that most CISOs have returned to the elevated concerns they experienced early in the pandemic. Seventy-five percent of CISOs in the UAE surveyed feel at risk of a material cyber attack, compared to 44% the year before, when they may have felt a brief sense of calm after adapting to the chaos of the pandemic.
This year’s data is a shift back to 2021 when 68% of CISOs in the UAE believed a material attack was imminent. Likewise, sentiments about preparedness levels have reversed: 57% feel unprepared to cope with a targeted cyber attack, showing a moderate increase over last year’s 47% and a decrease from 2021’s 72%.
While organizations have largely overcome the disruptions of the last two years, the effects of the Great Resignation and employee turnover continue to linger, exacerbated by the recent wave of mass layoffs—75% of CISOs in the UAE say that employees leaving the organization played a role in a data loss event. Even though 47% of security leaders had to deal with the loss of sensitive information in the past 12 months, only 61% believe they have adequate data protection in place.
The 2023 Voice of the CISO report examines global third-party survey responses from more than 1,600 CISOs at mid-to-large size organizations across different industries. Throughout the course of Q1 2023, 100 CISOs were interviewed in each market across 16 countries: UAE, KSA, the U.S., Canada, the UK, France, Germany, Italy, Spain, Sweden, the Netherlands, Australia, Japan, Singapore, South Korea, and Brazil.
The report discusses global trends and regional differences around three central themes: the threats and risks CISOs face daily; the impact of employees on organizations’ cyber preparedness; and the defenses CISOs are building, especially as the economic downturn puts pressure on security budgets. The survey also measures the changes in alignment between security leaders and their boards of directors, exploring how their relationship impacts security priorities.
“Years of sustained remote and hybrid working has resulted in an increased risk around insider threat incidents, with our research revealing that three-quarters of CISOs in the UAE agree that people leaving the organization contribute to data loss,” said Emile Abou Saleh, Regional Director, Middle East, and Africa at Proofpoint. “The rising challenges of protecting people and data, high expectations, burnout, and uncertainty about personal liability are testing CISOs in the UAE. The way forward is to implement layered defenses, including a dedicated insider threat management solution and strong security awareness training, so organizations are well protected against threats that focus on people as the main perimeter.”
Proofpoint’s Voice of the CISO report for 2023 includes the following findings about the UAE:
- CISOs in the UAE have returned to the elevated concerns they experienced early in the pandemic, while also feeling more unprepared than last year: 75% of CISOs in the UAE feel at risk of experiencing a material cyber attack in the next 12 months, compared to 44% last year and 68% in 2021. Further, 57% believe their organization is unprepared to cope with a targeted cyber attack, compared to 47% last year and 72% in 2021.
- The loss of sensitive data is exacerbated by employee turnover: 47% of security leaders in the UAE reported having to deal with a material loss of sensitive data in the past 12 months, and of those, 75% agreed that employees leaving the organization contributed to the loss. Despite those losses, 61% of CISOs in the UAE believe they have adequate controls to protect their data.
- Email fraud tops the list of the most significant threats: The top threats perceived by CISOs in the UAE are almost the same as last year. In both years email fraud (business email compromise) and cloud account compromise led the way, but this year they were followed by malware and smishing/vishing, whereas last year malware was joined by insider threats as the other top concern.
- Most organizations are likely to pay a ransom if impacted by ransomware: 59% of CISOs in the UAE believe their organization would pay to restore systems and prevent data release if attacked by ransomware in the next 12 months. And they are relying on insurance to shift the risk—56% said they would place a cyber insurance claim to recover losses incurred in various types of attacks.
- Supply chain risk is a recurring priority: 56% of CISOs in the UAE say they have adequate controls in place to mitigate supply chain risk, a modest increase from last year’s 49%. While these protections may feel adequate for now, going forward, CISOs may feel more strapped for resources—65% say their budgets have been impacted.
- People risk grows as a concern: There is an increase in the number of CISOs in the UAE who view human error as their organization’s biggest cyber vulnerability—59% in this year’s survey vs. 50% in 2022 and 70% in 2021. At the same time, 56% of CISOs believe that employees understand their role in protecting the organization, compared to 51% in 2022 and 69% in 2021; this illustrates a struggle to build a strong security culture.
- CISOs and boards are much more in tune: 63% of CISOs in the UAE agree their board members see eye-to-eye with them on cybersecurity issues. This is a substantial increase from the 47% of CISOs who shared this view last year and the same as the 63% who felt this way in 2021.
- Mounting CISO pressures are making the job increasingly unsustainable: 59% of CISOs in the UAE feel they face unreasonable job expectations, a significant increase from last year’s 38%. While the return to their new reality may be one reason behind this view, CISOs’ job-related angst is a likely contributor as well—60% are concerned about personal liability and 59% say they have experienced burnout in the past 12 months.
“Security leaders must remain steadfast in protecting their people and data, a task made increasingly difficult as insiders prove themselves as a significant contributor to sensitive data loss,” said Ryan Kalember, executive vice president of cybersecurity strategy for Proofpoint. “If recent devastating attacks are any indication, CISOs have an even tougher road ahead, especially given the precarious security budgets and new job pressures. Now that they have returned to elevated levels of concern, CISOs must ensure they focus on the right priorities to move their organizations toward cyber resilience.”
HTML Attachments Remain the Most Dangerous File, Says Barracuda
A new Barracuda Threat Spotlight shows how in March 2023 just under half (45.7%) of all HTML attachments scanned by the company were malicious. This follows a steady upward trend in the proportion of malicious HTML files since Barracuda’s last report on the threat in May 2022 when the proportion was less than half (21%) of the current value. In comparison, only 0.03% and 0.009% of the highly popular Microsoft Office and PDF file types were found to be malicious.
HTML stands for Hypertext Markup Language, and it is used to create and structure content that is displayed online. It is also used in email communication – for example in automated newsletters, marketing materials, and more. In many cases, reports are attached to an email in HTML format (with the file extension .html, .htm, or .xhtml, for example). Attackers can successfully leverage HTML as an attack technique in phishing and credential theft or for the delivery of malware.
The data follows analysis by Barracuda researchers of many millions of messages and files scanned by the company’s security technologies. “The security industry has been highlighting the cybercriminal weaponizing HTML for years – and evidence suggests it remains a successful and popular attack tool,” said Fleming Shi, Chief Technology Officer, Barracuda.
Barracuda’s analysis further shows that not only is the overall volume of malicious HTML attachments increasing, nearly a year since the company’s last report, but HTML attachments also remain the file type most likely to be used for malicious purposes. “Getting the right security in place is as important now as it has ever been. This means having effective, AI-powered email protection in place that can evaluate the content and context of an email beyond scanning links and attachments. Other important elements include implementing robust multifactor authentication or – ideally – Zero Trust Access controls; having automated tools to respond to and remediate the impact of any attack; and training people to spot and report suspicious messages,” said Shi.