DATA SECURITY

Cybereason Discovers Global Botnet Campaign Using Microsoft Exchange Vulnerabilities

Cybereason | April 23, 2021

Cybereason, the market leader in future-ready attack protection, reported today the discovery of a widespread, global campaign aimed at spreading the stealthy Prometei Botnet by attacking enterprises with a multi-stage attack to harvest computing power to mine bitcoin. To infiltrate networks, the threat actors, who tend to be Russian speakers, are exploiting previously disclosed Microsoft Exchange vulnerabilities used in the Hafnium attacks.

Prometei has a sophisticated infrastructure in place to guarantee its longevity on infected machines. Though Prometei was first reported in July 2020, Cybereason believes the botnet dates back to at least 2016, a year before the now-famous WannaCry and NotPetya malware attacks, which infected over 200 countries and caused billions of dollars in damage. Prometei is still evolving, with new features and tools being added daily.

“Because it has gone undetected, the Prometei Botnet poses a significant danger to companies. When attackers gain possession of infected machines, they can not only mine bitcoin by stealing processing power, but they can also exfiltrate classified information. The attackers may even inject the infected endpoints with other malware and work with ransomware groups to offer access to the endpoints if they so desire. To make matters worse, crypto mining consumes vital network computing power, adversely affecting business processes as well as the performance and reliability of sensitive servers,” said Assaf Dahan, Cybereason's senior director and head of threat research.

Key findings from the research, include:

• Wide range of Victims: Victims have been observed across a variety of industries, including Finance, Insurance, Retail, Manufacturing, Utilities, Travel, and Construction. Infected companies are based in countries around the world, including the United States, United Kingdom, Germany, France, Spain, Italy and other European countries, South America and East Asia.

• Russian Speaking Threat Actor: The threat actor appears to be Russian speaking and is purposely avoiding infections in former Soviet bloc countries.

• Exploiting SMB and RDP Vulnerabilities: The main objective of Prometei is to install the Monero crypto miner on corporate endpoints. To spread across networks, the threat actor is using known Microsoft Exchange vulnerabilities, in addition to known exploits EternalBlue and BlueKeep.

• Cross-Platform Threat: Prometei has both Windows-based and Linux-Unix-based versions, and it adjusts its payload based on the detected operating system on the targeted machines when spreading across the network.

• Cybercrime with APT Flavor: Cybereason assesses that the Prometei Botnet operators are financially motivated and intent on generating hefty sums of bitcoin, but is likely not backed by a nation-state.

• Resilient C2 Infrastructure: Prometei is designed to interact with four different C2 servers which strengthen the botnet’s infrastructure and maintain continuous communications, making it more resistant to takedowns.

Recommendations to companies for minimizing the Microsoft Exchange vulnerability include constantly scanning the environment for threats and imposing stricter patch management policies to ensure that all updates are deployed regularly. Sensitive network assets should also be hardened, multi-factor authentication implemented, and endpoint detection and response tools installed.

About Cybereason

Cybereason is a champion for today's cyber defenders, offering future-ready attack protection that unifies security from the endpoint to the enterprise and everywhere the battle moves. The Cybereason Defense Platform incorporates the industry's best detection and response (EDR and XDR), next-generation anti-virus (NGAV), and aggressive threat hunting to provide context-rich analysis of any component of a Malop (malicious operation). As a result, defenders will stop cyberattacks from endpoints to everywhere. Cybereason is a privately owned international company based in Boston that serves clients in over 30 countries.

Spotlight

"Check fraud - it not only won't go away, but it is morphing to keep pace with consumers' digital banking habits. Although the number of checks written by consumers has decreased significantly, the reverse is true about dollars lost to check fraud.

David Barnhardt, Vice President of Product Management, Payment Solutions at Early Warning talks about this persistent fraud threat and how banking institutions should respond to it."

Spotlight

"Check fraud - it not only won't go away, but it is morphing to keep pace with consumers' digital banking habits. Although the number of checks written by consumers has decreased significantly, the reverse is true about dollars lost to check fraud.

David Barnhardt, Vice President of Product Management, Payment Solutions at Early Warning talks about this persistent fraud threat and how banking institutions should respond to it."

Related News

DATA SECURITY

Netskope Acquires Infiot, Will Deliver Fully Integrated, Single-Vendor SASE Platform

Netskope | August 03, 2022

Netskope, the leader in Security Service Edge (SSE) and Zero Trust, today announced it has acquired Infiot, a pioneer in enabling secure, reliable access with zero trust security, network and application optimization, and AI-driven operations. As Netskope Borderless WAN, the addition of Infiot's revolutionary technology will enable Netskope customers to apply uniform security and quality of experience (QoE) policies to the widest range of hybrid work needs, from employees at home or on-the-go, to branch offices, ad-hoc point-of-sale systems, and multi-cloud environments. For customers, all of these capabilities are delivered in a single architecture, using one policy framework, and one console, which dramatically simplifies operations, preserves network performance, and ensures SASE success. The Benefits of SASE Businesses and governments are rapidly adopting SASE to safeguard data wherever it moves, support digital transformation efforts, and realize better efficiency and return-on-investment from their technology. Netskope is a widely acknowledged leader in SSE, which describes the security services needed for a successful SASE architecture. Relevant to SASE growth, Gartner® notes: "By 2024, 80% of SD-WAN deployments will incorporate SSE requirements, up from less than 25% in 2022"[1] "By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services, and private application access from a single vendor's SSE platform"[2] Despite SASE's popularity, however, confusing vendor messaging often accompanies piecemeal product sets that are spuriously marketed as "SASE." Most of these products are not natively integrated, nor able to simplify technology environments, and lack critical network and infrastructure transformation capabilities—all of which risk higher levels of security incidents, network downtime, and poor ROI. Netskope Borderless WAN combines with Netskope Intelligent SSE in a fully converged SASE platform, uniquely addressing these challenges. Borderless WAN Unlocks Full SASE Potential Founded in 2018 by veterans of the SD-WAN market, Infiot was one of only four vendors recognized in the 2021 Gartner "Cool Vendors™ in Cloud Networking"[3] report, was twice named to The Futuriom Top 40[4], and has been successfully deployed by customers in healthcare, retail, education, energy, manufacturing, telecommunications, and other industries. Infiot technology leverages a cloud-based, zero-touch deployment and provisioning model with multiple physical and virtual appliance form factors. The solution includes built-in routing, a transport-agnostic approach that supports both wired and wireless networking, app-aware QoE enforcement combined with policy-based traffic steering, and other integrated network security functions critical for deployment at the edge. For customers, all of this capability is delivered in a single architecture, using one policy framework, and one console, which dramatically simplifies operations for thinly-stretched networking and infrastructure teams. As the foundation of the new Netskope Borderless WAN solution, Infiot technology will allow customers to embrace modern, cloud-first networking by leveraging Netskope SASE Gateways, creating secure, optimized connections between any enterprise location, including site-to-site, or the cloud. Netskope SASE Gateways also enable end-to-end optimization for improved app performance, provide increased network resilience through real-time link monitoring and dynamic path selection, and offer identity and per-app access policies to apply zero trust principles to the network. Netskope Borderless WAN critical use cases include: Easy access to industry-leading Netskope Intelligent SSE services powered by world-class Netskope NewEdge infrastructure All-in-one intelligent access, routing, wireless WAN, network security, app assurance, and edge compute as an effective way to modernize, simplify and implement SASE architecture The ability to offload MPLS and eliminate costs by sending more traffic direct-to-net, eliminate backhauling and leverage fixed/mobile connectivity options (such as 4G/5G) Better guaranteed WAN connectivity to ensure end-to-end performance, from the "last mile" to the cloud or legacy data center Simplified operational overhead associated with running custom third-party applications "Today, leaders across IT, security, and networking and the world's best-known analyst firms agree that the explosion of data and devices, along with the numerous ways that people connect, communicate, and collaborate, make the transformation of both networking and security a critical imperative for businesses and governments. It is in this transformation where Netskope is uniquely positioned to help customers with a fully converged SASE platform. "We're very excited to introduce Borderless WAN, and to welcome Infiot to our growing team." Sanjay Beri, Netskope CEO "Today, many-to-many secure optimized connectivity is required to address any user, device, and location, in combination with a zero trust approach that integrates seamlessly with Security Service Edge," said Parag Thakore, Infiot CEO. "Netskope Intelligent SSE is the industry's leading SSE, and the combination of Infiot and Netskope will deliver on the promise of SASE like no other technology vendor can." "As we continue to transform our patient care experience, we are excited to partner with Netskope,'' said Rick Lacy, Senior Enterprise Network Engineer, CHRISTUS Health. "Netskope Borderless WAN provides adaptive, identity-aware precision access for our medical workers to deliver care from the comfort of their homes, without compromising experience, all at a significantly lower cost to our business. In the future we see many applications for Netskope, including our medical IoT deployments." "Netskope Borderless WAN is a new mindset. It's a new way of thinking about how our users access our domain and critical applications," said Robert Boopsingh, CIO, The Beacon Insurance Company. "For us, it will replace VPN for our employees and branch offices across our seven countries. We have implemented a zero trust model while delivering superior network access with this modern, secure, cloud-first implementation." "This is a great move," said Frank Dickson, Group Vice President, Security & Trust, IDC. "What Netskope will now be able to offer, thanks to its compelling security platform and Infiot's technology, is fully secure hybrid-work in-a-box, solving for both networking challenges and security challenges at the same time. It's a self-provisioning network, with security that's automatic. That's not just an abstract framework or a good idea, it's a specific set of benefits and use cases for businesses." In addition to offering Borderless WAN capabilities, Netskope integrates with key SD-WAN partners, ensuring customers benefit from Netskope Intelligent SSE in mixed environments while maintaining flexibility and choice in vendor partners. Financial terms of the acquisition are undisclosed. Parag Thakore and the Infiot product team now comprise Netskope's Borderless WAN group, and Infiot's sales team has joined Netskope's sales organization. Read the Netskope blog for more on today's acquisition news. Visit Netskope.com for more on Borderless WAN and the Netskope SASE platform. Gartner Disclaimer Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER and COOL VENDORS are a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. About Netskope Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. Fast and easy to use, the Netskope platform provides optimized access and real-time security for people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope and its powerful NewEdge network to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Read More

SOFTWARE SECURITY

McAfee and Telstra Partner to Bring Privacy, Identity and Security Solutions to Customers Across Australia

McAfee | July 11, 2022

Today, McAfee Corp., a global leader in online protection, announced a multi-year partnership with Telstra, Australia’s leading telecommunications and technology company, to deliver comprehensive protection to safeguard the privacy and identity of consumers across activities, devices, and locations. The partnership will grant new and existing Telstra customers easy access to McAfee’s leading security solutions to deliver holistic security and privacy protection through its integrated suite of services including Antivirus, Parental Controls, Identity Protection, Secure VPN and more, to protect and secure multiple devices including mobiles, PCs and laptops. “A recent McAfee study found 27% of Australians surveyed reported attempted account theft and 23% had experienced financial account information leaks. “As the proliferation of life online accelerates, we are thrilled to be partnering with Telstra who are showing through this collaboration, a commitment to innovation and to their customers by investing in new infrastructure and technologies that safeguard their mobile and broadband subscribers.” Pedro Gutierrez, Senior Vice President of Global Sales and Operations at McAfee McAfee’s integrated consumer security platform offers a wide array of mobile security solutions to protect customers’ privacy and identity while blocking viruses, malware, spyware, and ransomware attacks. This partnership allows Telstra’s customers to take advantage of these capabilities and protect themselves from additional threats including potential hacks, identity theft and broader gaps in online and mobile security so they can live life confidently online. “In today’s increasingly connected world the risk of cyber threats continues to grow. To counter the risk, Telstra is committed to providing our customers with the safety and security features needed to protect them online,” said Matthew O’Brien, Cyber Security Executive and Group Owner at Telstra. “This partnership with McAfee helps drive our mission to build a safe and secure connected future where everyone can thrive, and further complements Telstra’s T25 ambition to extend our network leadership position by delivering greater value to our customers.” To activate Device Security, Telstra customers can simply go in-store, online or to their MyTelstra app. The full suite of McAfee features supported include Antivirus/System Scan, Safe Browsing, Protection Center, Identity Protection, Password Manager, Parental Controls, Protection Score and Secure VPN. All eligible Telstra customers can try Device Security for three months on Telstra, then auto-roll onto $10/month after. About McAfee McAfee Corp. is a global leader in online protection. Focused on protecting people, not just devices, McAfee’s solutions adapt to users’ needs in an always online world, empowering them to live securely through integrated, intuitive solutions that protect their families and communities with the right security at the right moment.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

SonicWall Earns Prestigious 2022 CRN Annual Report Card Award for Enterprise Network Security

SonicWall | August 22, 2022

SonicWall today announced that CRN, a brand of The Channel Company, named the cybersecurity leader as one of the winners in the Enterprise Network Security category of the 2022 CRN Annual Report Card (ARC) Awards. This award honors the industry's top technology vendors for success in providing high levels of satisfaction for channel partners through innovative products, services and partner programs. "As a 100% channel company, we remain completely committed to delivering our partners and customers with the absolute best products and support to face today's increasingly complicated security challenges," said SonicWall President and CEO Bob VanKirk. "We're excited to be recognized by CRN, especially knowing that they celebrate best-in-class vendors that are committed to driving partner growth and demonstrating outstanding channel performance. SonicWall is uniquely positioned to help partners, including MSSPs, evolve and help facilitate their growth." With 37 years of history, CRN's ARC Awards recognize best-in-class vendors devoted to boosting IT channel growth through innovation in technology and partner strategy. Through the ARC Awards — known as one of the most prestigious honors in the IT industry — solution providers offer key feedback that commends technology manufacturers for designing channel-friendly product offerings, developing strong partner programs, and building long-term successful relationships with solution providers. SonicWall's SecureFirst Partner Program and its industry-leading security products help partners and MSSPs exceed customer demands. More than 17,000 active SonicWall partners help protect our customers every day, and because of them SonicWall is one of the unquestioned leaders in the cybersecurity space. The ARC Awards are based on an invitation-only research survey conducted by The Channel Company. Responses from 3,000 solution providers across North America were evaluated in this year's survey, rating 82 vendor partners across four criteria: product innovation, support, partnership, and managed cloud services. Scores were awarded in 25 major product categories in technology areas that are critical to channel partner success. "It's our pleasure to honor vendors that consistently deliver top-performing products and services to establish and foster successful channel partner relationships. "In addition to highlighting our winners, CRN's Annual Report Card Awards provide vendors with actionable feedback and insight into their current standing with partners that can be incorporated into their channel strategies in the future." Blaine Raddon, CEO, The Channel Company Winners will be featured throughout The Channel Company's XChange 2022 conference, taking place August 21-23 in Denver, Colorado. Coverage of the CRN 2022 ARC results can be found online at www.CRN.com/ARC and will be featured in the October 2022 issue of CRN Magazine. About SonicWall SonicWall delivers Boundless Cybersecurity for the hyper-distributed era in a work reality where everyone is remote, mobile and unsecure. SonicWall safeguards organizations mobilizing for their new business normal with seamless protection that stops the most evasive cyberattacks across boundless exposure points and increasingly remote, mobile and cloud-enabled workforces. By knowing the unknown, providing real-time visibility and enabling breakthrough economics, SonicWall closes the cybersecurity business gap for enterprises, governments and SMBs worldwide. For more information, visit www.sonicwall.com or follow us on Twitter, LinkedIn, Facebook and Instagram. About The Channel Company The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace.

Read More