DMSniff POS Malware Uses DGA to Stay Active

Infosecurity Magazine | March 15, 2019

Researchers have discovered a rare strain of POS malware which uses a domain generation algorithm (DGA) to maintain persistence. Flashpoint’s Jason Reaves and Joshua Platt revealed in a blog post that the DMSniff malware may have been in use undetected for as long as four years, targeting small and mid-sized businesses in the restaurant and entertainment sectors. DGAs are used to evade detection and takedown by creating large numbers of new C&C domains on an ongoing basis. The duo said they have found 11 variants of the DGA in DMSniff, claiming such a feature is unusual in POS malware. It’s also not the only tactic the malware authors have used to protect it from investigators. Another discovered by Reaves and Platt was a simple string encoding routine designed to prevent researchers from understanding the malware’s capabilities.

Spotlight

Within this extended enterprise network, the impact of vulnerable software applications is significantly magnified. Compromised applications can pose a real threat to business operations, both within the enterprise and across the supply chain.  The need to recognize the value of application security is now more than ever. Here is an infographic we have developed that helps illustrate Why application security matters.

Spotlight

Within this extended enterprise network, the impact of vulnerable software applications is significantly magnified. Compromised applications can pose a real threat to business operations, both within the enterprise and across the supply chain.  The need to recognize the value of application security is now more than ever. Here is an infographic we have developed that helps illustrate Why application security matters.

Related News

DATA SECURITY

QuSecure Partners with DataBridge Sites

DataBridge Sites | June 15, 2022

QuSecure, Inc., a pioneer in post-quantum cybersecurity (PQC), announced today a collaboration with DataBridge Sites, a cutting-edge data center provider that serves off-site business critical IT environments, to demonstrate its Quantum-as-a-Service (QaaS) orchestration platform QuProtect. QuProtect is the industry's first end-to-end post-quantum cybersecurity software-based solution that uses quantum secure channels to safeguard encrypted communications and data with quantum resilience. As an outcome of the collaboration, QuProtect is the first and only PQC solution provided as a live service in a data center. Business, IT, and security executives may quickly learn more about a successful PQC implementation by offering an accessible and tangible example of advanced PQC at datacenters like DataBridge. According to Shor's algorithm, any quantum computer with sufficient power would ultimately overcome all present global encryption. As a result, in order to secure data and communications, all business and government bodies must update to quantum-resistant equipment. Furthermore, data stolen now can be decoded in the future by a quantum computer, thus major enterprises must begin the strategic and information collecting stages of transitioning their cybersecurity to assure quantum resilience. The QuSecure/Databridge collaboration offers a technique for demonstrating quantum resilience. “Our team is very excited to now be home to the QuSecure environment, which is the first PQC software that is currently live in a data center. Our company sees the quantum computing industry as a rapid growth area that can be used widespread through the commercial and federal marketplace. QuSecure’s unique offering will add to our ecosystem of service providers for clients to utilize.” Mike Lozupone, DataBridge Sites director of business development He further added, “DataBridge sees this partnership as being mutually beneficial, and we feel fortunate to work with companies like QuSecure as their business continues to grow. We expect new customers to be driven to our facility to benefit from the combination of QuSecure’s quantum security offerings and the infrastructure scale and physical security provided by DataBridge Sites.” QuProtect delivers quantum-resistant cryptography at any time, on any device. QuProtect employs an end-to-end, quantum-security-as-a-service (QSaaS) architecture that addresses the most vulnerable aspects of the digital ecosystem by combining zero-trust, next-generation post-quantum cryptography, quantum-strength keys, high availability, simple deployment, and active defense into a detailed and coherent cybersecurity suite. The end-to-end method is built around the full data lifecycle, including data storage, communication, and consumption. Skip Sanzeri, QuSecure Founder and COO said that “DataBridge is a world-class organization, and we are pleased to partner with them to provide the first instance of post-quantum cybersecurity available in a data center. The quantum threat, or Q-Day, is coming at us rapidly, and in May the White House published two initiatives to actively build U.S. quantum computing and post-quantum cybersecurity programs. Our partnership with DataBridge is another big step along the way to National Security in line with the White House memos.” QuProtect is the most sophisticated PQC solution in the market, offering quantum-resilience for many of today's key use cases such as network, IoT, edge devices, and satellite communications. QuProtect may be hosted on-premises or in the cloud, giving the most suitable solution to the post-quantum dilemma and addressing today's complicated compliance concerns, such as BYOD and work-from-home regulations. PQC can be implemented across all network devices with minimum interruption to existing systems, defending against present and future quantum assaults that might irrevocably destroy industries and infrastructures in the government and commercial sectors.

Read More

PLATFORM SECURITY

Axonius Adds Key Integrations with AWS

Axonius | July 25, 2022

Axonius, a cybersecurity asset management provider, today announced integrations with Amazon Macie, Amazon GuardDuty, and AWS SecurityHub while extending its Amazon Inspector functionality. These new integrations will help customers to better understand and manage vulnerabilities across their Amazon Web Services (AWS) infrastructure. By connecting to both AWS first-party and ISV-third party security solutions, Axonius provides comprehensive visibility and management of assets across AWS cloud, multi-cloud, and on-premises. The latest integrations provide the following capabilities: Identify Exposed Amazon S3 Buckets: Axonius fetches findings from Amazon Macie to help customers identify exposed Amazon S3 buckets to maintain data integrity and compliance. Detecting Malicious Activity & Compromised Security Controls: By integrating with Amazon GuardDuty, Axonius helps customers detect malicious activity to protect AWS accounts, workloads, and data and help them understand which assets have compensating security controls. Helping Meet Security Best Practices: With insights from AWS SecurityHub, customers can compare against correlated data to verify whether assets that don't meet best practice standards have a compensating security control. Comprehensive View of Cloud Security Posture: Axonius delivers a complete inventory of assets from more than 450 correlated data sources giving customers a comprehensive view of their cloud security, including vulnerability data from Amazon Inspector. "As companies continue to shift workloads to the cloud, they're also increasingly leveraging cloud provider-native security service offerings. "Yet customers are still exhausted by the highly-manual, slow, and error-prone processes that negatively impact their risk mitigation, threat management, and compliance. With Axonius and AWS, customers finally have a unified view of their assets while dramatically strengthening their security posture." Mark Daggett, Vice President of Worldwide Channels and Alliances at Axonius About Axonius Axonius is the cybersecurity asset management platform that gives organizations a comprehensive asset inventory, uncovers gaps, and automatically validates and enforces policies. Deployed in minutes, the Axonius cyber asset attack surface management (CAASM) solution integrates with hundreds of data sources to give customers the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, automating response actions, and informing business-level strategy. Cited as one of the fastest growing cybersecurity startups, with accolades from CNBC, Forbes, and Fortune, Axonius covers millions of devices for customers around the world.

Read More

PLATFORM SECURITY

XM Cyber Acquires Cyber Observer

XM Cyber | June 28, 2022

XM Cyber, a hybrid cloud security provider, announced the acquisition of Cyber Observer, a pioneer in Continuous Controls Monitoring (CCM) and Cloud Security Posture Management (CSPM). This is XM Cyber's latest growth milestone in a year in which the organization has considerably increased its lead position in the cybersecurity market. Companies are changing faster than ever before, owing to growing regulation, competition, and consumer expectations. Traditional risk management techniques are no longer cost-effective and are incapable of providing the coverage or speed necessary in a dynamic digital environment. By incorporating XM Cyber's market-leading attack path management with Cyber Observer's continuous control monitoring, security teams will be able to see both their cyber exposures as well as how their existing security controls and identification and response tools can react to these threats at any given time, accurately representing the true risk to the business. The Cyber Observer platform will be incorporated into XM Cyber's, providing a unified, continuous picture of the vulnerabilities and exposures that put vital assets at risk, as well as the security control gaps that fail to prevent assaults. It will also automate compliance validation and reporting for important standards such as ISO, NIST, GDPR, SWIFT, and PCI. "Even as awareness of cybersecurity risk continues to grow, attackers are thriving and routinely exploiting attack paths that can be used to move laterally through an enterprise network. Our goal is to give security teams the ability to easily understand and correct their security posture on a continuous basis, including weaknesses, exposures and compensating security controls across the full internal and external attack surface covering on-prem, cloud and SaaS systems. This acquisition is not an isolated event, but just the latest step in our strategy to provide the most comprehensive and proactive security posture management platform on the market." Noam Erez, co-founder and CEO, XM Cyber Schwarz Group is the world's fourth largest retailer and a major player in cloud computing. With the establishment of a European cloud, the corporation has expanded fast in the digital area in recent years. Schwarz bought XM Cyber as its cyber branch in November 2021. Since then, XM Cyber has expanded its product offering, increased its worldwide staff, and enlarged its customer base. Schwarz's strong financial stability and wide digital vision are a driving force for development and innovation. "Cyber Observer's patented continuous control monitoring capabilities are a perfect complement to XM Cyber's award-winning hybrid cloud security platform. We are excited about this opportunity and look forward to working with the XM Cyber team to deliver the first end-to-end continuous cyber security posture management solution supporting both cloud and on-premises coverage," said Shimon Becker, co-founder and CEO, Cyber Observer.

Read More