Attackers upping the ante on evasion and anti-analysis - Fortinet

SecurityBrief | August 12, 2019

Many modern malware tools already incorporate features for evading antivirus or other threat detection measures, but cyber-adversaries are becoming more sophisticated in their obfuscation and anti-analysis practices to avoid detection. For example, a spam campaign demonstrates how adversaries are using and tweaking these techniques against defenders. The campaign involves the use of a phishing email with an attachment that turned out to be a weaponised Excel document with a malicious macro. The macro has attributes designed to disable security tools, execute commands arbitrarily, cause memory problems, and ensure that it only runs on Japanese systems. One property that it looks for in particular, an xlDate variable, seems to be undocumented. Another example involves a variant of the Dridex banking trojan which changes the names and hashes of files each time the victim logs in, making it difficult to spot the malware on infected host systems. The growing use of anti-analysis and broader evasion tactics is a reminder of the need for multi-layered defences and behaviour-based threat detection.

Spotlight

Office 365 is one of the most widely deployed applications so it’s no surprise that hackers target Office 365—and stolen credentials are the most commonly used tactic in confirmed data breaches. The best way to secure Office 365 users is with modern authentication and multi-factor authentication.

View this infographic to learn how to leverage multi-factor authentication, SAML-based logins, and certificate-based authentication to protect your Office 365 environment.

Spotlight

Office 365 is one of the most widely deployed applications so it’s no surprise that hackers target Office 365—and stolen credentials are the most commonly used tactic in confirmed data breaches. The best way to secure Office 365 users is with modern authentication and multi-factor authentication.

View this infographic to learn how to leverage multi-factor authentication, SAML-based logins, and certificate-based authentication to protect your Office 365 environment.

Related News

SOFTWARE SECURITY

MERIPLEX acquires Louisiana-based MSP, Verma Systems

Meriplex | July 18, 2022

Meriplex, a nationwide leader in managed cybersecurity and IT solutions, is pleased to announce the asset acquisition of Louisiana-based managed service provider, Verma Systems. For over 31 years, Verma Systems has been a leading and trusted IT and consulting partner for businesses in Baton Rouge and across Louisiana. They provide personalized solutions to their clients allowing them to leverage IT and technology to enhance business efficiency. "Verma Systems is an excellent addition to the Meriplex organization. "With their talented team and longstanding reputation in the Louisiana market, we will be able to provide more innovative technology and service offerings to their clients and work towards our goal of being the number one MSP/MSSP in the nation." David Henley, CEO of Meriplex "For me, it has always been about the customer and our employees," said Mitch Verma, President of Verma Systems. "Joining forces with Meriplex means we have more resources at our fingertips including additional IT experts, new product lines, and the capability to offer more well-rounded technical solutions. I know the people behind Meriplex, and we share the same core values and work ethic. With their expertise, size and seasoned approach, I am confident we can provide more for our clients and our employees." As a fast-growing managed services provider, Meriplex focuses on strategically acquiring businesses in leading markets in order to establish a regional presence and acquire talent to support their increasing large organic and inorganic growth. If you are interested in learning more about our M&A process, please reach out to us here. About Meriplex Meriplex is a managed cybersecurity, IT, and SD-WAN solutions provider that enables transformation by combining secure, innovative technology with advanced expertise. As a trusted partner, we deliver business-driven solutions that provide the scalability and support needed to power growth for organizations. About Verma Systems Established in 1991, Verma Systems is a Baton Rouge IT services company specializing in business technology tailored towards the SMB market. With our highly talented and experienced team, we know how to meet business needs by incorporating the right technology solutions to help your company be successful. Our mission is focused on hard work, smart work, and superior customer service.

Read More

SOFTWARE SECURITY

Aqua Launches the Industry’s First Out-of-the-Box Runtime Security with Advanced Protection Against the Most Sophisticated Threats

Aqua Security | July 26, 2022

Aqua Security, the leading pure-play cloud native security provider, today announced the launch of out-of-the-box runtime protection with minimal configuration to stop attacks in real time on running workloads. Protection is composed of new curated and optimized default security controls, as well as advanced threat intel from observations of real attacks on cloud native environments. Both the controls and threat intel are the result of knowledge gained through years of securing customers’ live production environments. Customers can now apply this knowledge to achieve trusted and advanced runtime protection in minutes without requiring in-depth knowledge of their applications and environments. Using eBPF technology and threat intel from cyber research team Aqua Nautilus to identify advanced threats, Aqua surfaces the most critical issues in real time while also implementing a set of controls to protect running workloads immediately, without disrupting the business. “Aqua is transforming the runtime security paradigm. “Traditional runtime security requires security teams to have a great deal of cloud native knowledge, and as a result has been slow to adopt. Aqua is removing this barrier to adoption by making cloud workload threat protection immediately effective and easy for security professionals.” Amir Jerbi, CTO and co-founder, Aqua Security Stopping Attacks in Real Time with Runtime Security Recent data from Nautilus shows that one in three live attacks could be missed when relying exclusively on snapshot scanning of running workload images. Nautilus also found tens of thousands of instances of in-memory attacks and fileless attacks in a one-month period—attacks that would not be seen or stopped without kernel-level visibility. Aqua’s detection of anomalous behavior goes beyond point-in-time snapshots and catches malicious behavior of known and unknown threats in real time—this includes both known CVEs and zero-day exploits that have yet to be discovered. The new default runtime controls are based on ongoing recommendations from Aqua Nautilus, who detect and analyze 80,000 attacks a month using Aqua’s open source eBPF-based threat detection engine, Aqua Tracee. The result is real-time visibility at the kernel level that alerts customers the moment an attacker breaches a running workload, reducing attackers’ dwell time from months to milliseconds. Aqua’s Runtime Protection solution is part of Aqua’s fully integrated Cloud Native Application Protection Platform (CNAPP), the Aqua Platform. Customers of the Aqua Platform also have access to the entire, full set of customizable, advanced runtime capabilities if and when they decide to define and implement more stringent policies. Key benefits of Aqua Runtime Protection include: Discover attacks immediately with continuously updated kernel-level behavioral detection. Updates are based on cloud native threat research from Aqua Nautilus along with years of experience securing customer workloads in production. Respond faster and reduce attacker dwell time by stopping attacks with pattern-based anti-malware in production and the option to block or delete malware on access. Simplify incident investigation and rapidly determine the impact and attack path of a security incident with a detailed incident timeline including rich contextual information. “Unlike overly complex runtime solutions, legacy solutions not designed for cloud-native applications, or solutions that can’t detect in real time, our goal with this release is to provide runtime security that is simple to deploy, giving you effective real-time security out-of-the-box,” said Jerbi. “What this boils down to is that, unlike alternative solutions, Aqua’s Platform will both detect sophisticated attacks and stop them in real time.” Aqua’s out-of-the-box Runtime Protection is now available and will make an industry debut at AWS re:Inforce on July 26-27 in Boston at Booth 104. To learn more, visit Aqua’s YouTube. About Aqua Security Aqua Security stops cloud native attacks and is the only company with a $1 Million Cloud Native Protection Warranty to guarantee it. As the pioneer and largest pure-play cloud native security company, Aqua helps customers unlock innovation and build the future of their business. The Aqua Platform is the industry’s most integrated Cloud Native Application Protection Platform (CNAPP), prioritizing risk and automating prevention, detection and response across the lifecycle. Founded in 2015, Aqua is headquartered in Boston and Ramat Gan, Israel, with Fortune 1000 customers in over 40 countries.

Read More

SOFTWARE SECURITY

iboss Achieves FedRAMP Authorization for its Zero Trust Edge Cloud Security Solution

iboss, Inc. | July 29, 2022

iboss, the leading Zero Trust Edge cloud security provider, announces that it has obtained Federal Risk and Authorization Management Program (FedRAMP) Authorization. The achievement is reflective of the company’s commitment to work alongside federal agencies to protect government entities and civilians from growing and increasingly sophisticated cyberthreats. Earlier this year, the United States Office of Management and Budget unveiled a strategy designed to prevent damaging hacks and breaches by moving federal agencies toward a zero trust cybersecurity approach. The announcement followed a 2021 Biden Administration executive order aimed at protecting federal networks by modernizing government cybersecurity, including through the implementation of zero trust security architecture as defined in the National Institute of Standards and Technology (NIST). The iboss platform is a purpose-built, patented, cloud delivered security solution that has been trusted by organizations worldwide to implement Zero Trust architecture as laid out specifically in the NIST 800-207 Special Publication. The company’s containerized cloud architecture makes it the only platform that can control what NIST refers to as the “Implicit Trust Zone” to ensure that all data and resources are completely private. The FedRAMP authorization now extends iboss’s leading platform to all U.S. government customers. “Our Zero Trust Edge platform prevents breaches by making applications and data inaccessible to attackers while allowing trusted users to securely and directly connect to resources from anywhere. “In today’s work-from-anywhere world, protecting sensitive information, regardless of who is accessing it or where, is critical. We look forward to continuing to extend our platform and expertise to U.S. government agencies.” iboss CEO Paul Martini A Zero Trust Architecture built on iboss consolidates network security technologies (SWG, CASB, DLP, IPS, malware defense, browser isolation, firewall) into a single unified cloud platform and eliminates the need for a VPN while securing any device, regardless of location. By making all applications private, iboss eliminates the top three initial ransomware infection vectors as identified by the Cybersecurity and Infrastructure Security Agency (CISA). With applications, data and services made accessible only through the iboss Zero Trust Edge, cyber risk is greatly reduced, breaches and data loss are prevented, and visibility and security are delivered consistently throughout an organization. FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. About iboss, Inc. iboss is a cloud security company that enables organizations to reduce cyber risk by delivering a Zero Trust service designed to protect resources and users in the modern distributed world. Applications, data and services have moved to the cloud and are located everywhere while users needing access to those resources are working from anywhere. Built on a containerized cloud architecture, iboss delivers security capabilities such as SWG, malware defense, browser isolation, CASB and data loss prevention to protect all resources, via the cloud, instantaneously and at scale. This shifts the focus from protecting buildings to protecting people and resources wherever they are located. Leveraging a purpose-built cloud architecture backed by 230+ issued and pending patents and more than 100 points of presence globally, iboss processes over 150 billion transactions daily, blocking 4 billion threats per day. More than 4,000 global enterprises trust the iboss Cloud Platform to support their modern workforces, including a large number of Fortune 50 companies. iboss was named one of the Top 25 Cybersecurity Companies by The Software Report, one of the 25 highest-rated Private Cloud Computing Companies to work for by Battery Ventures, and CRN’s Top 20 Coolest Cloud Security Companies of 2022.

Read More