Attackers Leverage Open Source in New BYOB Attack

Infosecurity Magazine | January 17, 2019

Attackers Leverage Open Source in New BYOB Attack
An attack leveraging the open-source Build Your Own Botnet (BYOB) framework has reportedly been intercepted by Israeli cybersecurity firm Perception Point’s incident response team. According to the team, this appears to be the first time the BYOB framework has been found to be used for fraudulent activity in the wild. While these tactics and techniques have historically been limited in used to financially backed advanced persistent threat (APT) groups, they are now more easily accessed by novice criminals, in part because of the more widespread popularity of plug-and-play hacking kits, researchers said. In July, a BYOB framework that implements all the building blocks needed to build a botnet was developed to improve cybersecurity defenses; however, what is used by defense can also fall into the hands of those with more malicious intentions. The continued growth of these hacking kits allows any script kiddie or malicious attacker to leverage this framework and carry out attacks that otherwise wouldn’t be possible.

Spotlight

"Mobile security is often the target of unrealistic criticism. The truth? Mobile is, in fact, a more secure computing platform than traditional PCs and provides organizations with methods to address security needs - both for today and tomorrow.

Leveraging mobile device certificates, organizations can make VPN or Wi-Fi access easier by reducing password usage and ensure only authorized devices are accessing their networks. Plus, mobile authenticators offer a flexible way to address a wide range of authentication needs from a user-friendly device. Complement these tools by leveraging mobile SDKs, which help organizations build security into pre-existing and new mobile applications and enable greater user experience and security simultaneously."

Related News

SOFTWARE SECURITY

To address the increasing demand for sensitive data protection, Netwrix and Stealthbits merge to address

prnewswire | January 04, 2021

Netwrix, a network safety merchant that makes information security simple, today declared a consolidation with Stealthbits, a network safety pioneer that shields delicate information and qualifications from assailants. The joined substance will keep on contribution its total arrangement of in excess of about six security arrangements pointed toward recognizing and distinguishing information security hazard just as ensuring, reacting and recuperating from network safety assaults. Terms of the exchange were not uncovered. Divided arrangements in the information security market keep associations from building thorough security techniques to ensure their delicate and managed information. To address this test, Netwrix and Stealthbits are uniting to use each other's mastery to widen item abilities and improve client experience. This will empower the consolidated association to offer seven center items crossing all components of information and data security, put resources into development to surpass the assumptions for existing clients and accomplices, and grow its client base worldwide. With more than 500 representatives and clients from in excess of 50 nations, the consolidated organization will work as Netwrix with Steve Dickson proceeding to fill in as its CEO and on the organization's Board of Directors. Steve Cochran, organizer and administrator of Stealthbits, will be a speculator in Netwrix and will serve on its Board of Directors. "We couldn't be more thrilled to be merging with the people and products of Stealthbits. Our combined organization can now offer data security solutions for any organization anywhere in the world," said Steve Dickson, CEO at Netwrix. "Stealthbits has always been driven to work with our customers to solve their most challenging credential and data security requirements. Combining our breadth of products and depth of expertise with that of Netwrix means our customers can quickly strengthen their security posture and address multiple projects and requirements through a single provider," said Steve Cochran, founder and chairman of Stealthbits. For a long time to come, clients, prospects and accomplices of each organization will keep on collaborating with each organization as they do today for deals, backing and accomplice action. Both Netwrix and Stealthbits are focused on straightforwardness and will educate their clients, prospects and accomplices of operational changes through this cycle throughout the next few months. About Netwrix Netwrix makes data security easy, thereby simplifying how professionals can control sensitive, regulated and business-critical data, regardless of where it resides. More than 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and knowledge workers. Founded in 2006, Netwrix has earned more than 150 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S. About Stealthbits Stealthbits Technologies, Inc. is a customer-driven cybersecurity software company focused on protecting an organization's sensitive data and the credentials attackers use to steal that data. By removing inappropriate data access, enforcing security policy, and detecting advanced threats, we reduce security risk, fulfill compliance requirements, and decrease operational expense.

Read More

DATA SECURITY

Safe-T Acquires CyberKick, a Provider of Privacy Solutions and SaaS Security

Safe-T | July 07, 2021

Safe-T Group Ltd., a provider of secure access solutions and intelligent data collection, announced the acquisition of CyberKick Ltd. The closing of the transaction is anticipated next week, subject to assured customary closing situations, with delivering all mandatory documents and endorsements. Its cash concern will be funded with inner cash properties. CyberKick is a supplier of Software-as-a-Service (SaaS) security and privacy tools, intended to decrease users’ susceptibility to threats when making them stronger in their online action, to stop and protect against a broad range of cyber intimidations as well as to deliver consumers with control of their accounts and organization of access to complex data. The acquisition will accompaniment Safe-T’s safe access assortments for establishments with clarifications against recognized and unidentified threats and enlarge its footmark in the remote users’ cybersecurity marketplace. Conferring to unaudited consequences provided to Safe-T, the acquired business produced revenues of around $4.2 million in 2020 and was cost-effective. CyberKick’s confidentiality solution, which was lately launched and in a little time, previously purchased by thousands of end-users, lets users to achieve their online confidentiality with a influential, safe and encoded linking, providing harmless online browsing and keeping them harmless from hackers when using indiscreet Wi-Fi networks. iShield, CyberKicks’s security solution, is a protective online security tool that recognizes, removes, and helps avoid security and data threats that occur unknowingly to many users while browsing online. The solution provides strong, complete safety from online cyber-attacks such as phishing, ransomware, malware, data scams, identity theft, and viruses, all on the internet gateway contact level. By recognizing the dangers and blocking the gateway in advance, the solution secures consumers before any harm is done. About CyberKick CyberKick was built to fight that battle to make the internet a safer place for everyone. CyberKick has a talented and ambitious team of developers who work in harmony together with experienced product enthusiasts to complete its mission a reality. CyberKick’s products consist of two critical fields of cybersecurity are Online Cyber Security and Online Privacy Protection About Safe-T Group Ltd Safe-T Group Ltd. (Nasdaq, TASE: SFET) is a provider of access solutions and intelligent data collection. We also offer competent data collection cloud service based on our world’s fastest and most advanced & secured business proxy network, enabling clients to collect accurate, transparent, & sensitive data from public online sources.

Read More

DATA SECURITY

The Chubb Index highlights the importance of taking more protective steps against cyber attacks by the professional services industry

prnewswire | November 24, 2020

In the most recent version of the Chubb Cyber InFocus Report, Chubb information uncovers that the expert administrations industry need to take more proactive and defensive measures against potential digital assaults. Chubb has seen a 10% expansion in digital occurrences identifying with proficient administrations organizations. These are generally email-driven associations, which means there are numerous open doors for workers to tap on noxious connections, driven by email phishing. "Most cyber attacks are coming from outside the company, leaving businesses at greater risk in the current work-from-home environment," said William A. Wise, Head of Chubb Cyber North America. "Due to the rise in incidents resulting from email phishing, employers with remote employees need to take additional steps to protect their companies against cyber threats." For example, companies should use multifactor authentication for protected data and to keep software and applications up-to-date. In addition to highlighting risks within the professional services industry, the latest Cyber InFocus report also examines: Changes in cyber vulnerability by industry since 2016. Breach sources over the last four years showing an increase in threats by external actors, including malware attacks. Cyber crime examples in the most vulnerable industries, how they were exposed and what was learned in the process. "As cyber incidents continue to evolve in complexity and focus, it's critically important that companies understand how cyber-and privacy-related incidents affect their organizations," added Anthony Dolce, Vice President, Cyber Lead, Chubb North America Financial Lines Claims. "The Cyber InFocus Report is a timely tool to help agents, brokers and companies understand the latest trends on cyber threats, helping to prevent issues from happening in the first place." Chubb's Cyber InFocus report, which previously dispatched in mid 2018, gives experiences into the impacts of digital dangers and patterns on explicit enterprises or business portions each quarter. Such knowledge depends on Chubb's utilization of outsider exploration, just as exclusive cases information from over twenty years of protecting associations against developing digital dangers. About Chubb Cyber: Chubb is a leader in insuring cyber risk. Combining industry-leading underwriting and expert third-party incident response services, Chubb offers policies that are tailored to the specific needs and risks of its clients to ensure they are ready with the tools and expertise necessary should a cyber incident occur. Moving swiftly to connect clients with the proper parties to minimize data loss is only part of what Chubb delivers. Keeping an eye on the ever-evolving cyber security landscape, Chubb looks for ways to do more for its clients by offering cutting-edge products and holistic services to every client. About Chubb With operations in 54 countries and territories, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company, we assess, assume and manage risk with insight and discipline. We service and pay our claims fairly. The company is also defined by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength and local operations globally. Parent company Chubb Limited is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index. Chubb maintains executive offices in Zurich, New York, London, Paris and other locations, and employs approximately 33,000 people worldwide.

Read More

Spotlight

"Mobile security is often the target of unrealistic criticism. The truth? Mobile is, in fact, a more secure computing platform than traditional PCs and provides organizations with methods to address security needs - both for today and tomorrow.

Leveraging mobile device certificates, organizations can make VPN or Wi-Fi access easier by reducing password usage and ensure only authorized devices are accessing their networks. Plus, mobile authenticators offer a flexible way to address a wide range of authentication needs from a user-friendly device. Complement these tools by leveraging mobile SDKs, which help organizations build security into pre-existing and new mobile applications and enable greater user experience and security simultaneously."