Document-Based Malware on the Rise in 2019

Infosecurity Magazine | April 04, 2019

Document-Based Malware on the Rise in 2019
Evolving malware continues to pose threats to business, and new research has revealed a rise in the use of document-based malware since the start of 2019. According to the newest Threat Spotlight from Barracuda Networks, researchers analyzed emails and identified more than 300,000 unique malicious documents, representing 48% of all malicious files detected in the last 12 months. The frequency of document-based malware rose dramatically in the first quarter of 2019, with 59% of all malicious files coming from documents. “For the past couple of years, script files were a very popular attack method. The percentage of these sort of files declined drastically, however, and was a significant source of the increase of documents as an infection method,” said Jonathan Tanner, senior security researcher at Barracuda Networks. Although documents are good for targeted attacks, the document-based malware analyzed were all used in phishing campaigns. However, Tanner said they are used in targeted attacks as well since as a file type they are less suspicious and more common in clean emails than other file types that could contain malware.

Spotlight

Cybersecurity is our top priority From product development to operations to data protection, we are embedding security everywhere. This pervasive security mindset gives us the power to identify and pivot on issues faster and with greater confidence than ever before. Our commitment to invest across people, processes, technology and policies is helping us build the new secure enterprise.

Related News

Doble's Transient Cyber Asset Security Service a Hit among Top Electric Utilities, Demand Rises

Doble | July 01, 2020

Doble Engineering Company, a leader in power grid diagnostic solutions and subsidiary of ESCO Technologies Inc. (NYSE: ESE), today announced it has seen sustained growth in its Transient Cyber Asset (TCA) program. During the first half of 2020, the company achieved a record client renewal rate and strong customer acquisition growth, especially among the Fortune 500 and top electric utilities in the U.S.Doble's Transient Cyber Asset program is a comprehensive Managed Security Services (MSS) solution that supports electric utility field crews. As part of the offering, customers can choose from a range of rugged, special-purpose laptops or tablets, called Doble Universal Controllers (DUCs), or use their own transient devices. Doble's expert team hardens the devices to minimize cybersecurity risks and optimizes them for efficient field work. Doble's solution also includes remote management, 24/7 customer support, and compliance monitoring to ensure the devices remain secure and compliant to applicable regulations over their operational lifetime.Doble's Transient Cyber Asset program is growing due to the continuing evolution of the North American Electric Reliability Corporation's (NERC) critical infrastructure protection (CIP) cybersecurity standards. NERC CIP-003-8, which went into effect in January 2020, expanded transient cyber asset requirements to low impact substations, bringing many more power plants and utilities within scope of the security mandates.

Read More

DATA SECURITY

Exclusive Networks Signs Global Deal with Infinipoint to Extend Zero-Trust Security to Device Identity

Infinipoint | November 23, 2021

Exclusive Networks, a global trusted cybersecurity specialist for digital infrastructure, today announced its worldwide distribution agreement with Infinipoint, a provider of a pioneering Device-Identity-as-a-Service (DIaaS) security solution that uniquely enables the critical device pillar of the zero-trust cybersecurity approach. Focusing on mid-market aligned partners – initially in Europe covering France, Germany and the UK with a view to extending across global territories from early 2022 – Exclusive will be supporting Infinipoint growth targets both through net new opportunities and by capitalising on technology integrations (i.e. SASE, MFA, ZTNA, etc.) and alliances from within its vendor portfolio. Commenting on the announcement, Denis Ferrand, VP Global Vendor's Alliances & Business Development at Exclusive Networks said, "Of the seven pillars propping up the concept of zero-trust architecture (ZTA), partners have struggled most to position a strong story around zero-trust for device access because specialist solutions simply haven't existed. That's all changed with Infinipoint and DIaaS. Enterprises know that implementing the zero-trust for devices piece right is essential – and with Infinipoint we're breaking down that barrier. It's a great solution and fits perfectly into our cyber ecosystem. DIaaS also naturally supports a multitude of consumption models which makes it readymade for scaling out globally via our X-OD on-demand platform." Launched in July this year, DIaaS has been gaining significant market traction. Exclusive will build on this demand to accelerate and scale globally through its specialist go-to-market services and ecosystem of over 18,000 channel partners. "Infinipoint is pioneering the Device-Identity-as-a-Service security category and is the first and only solution to provide Single Sign-On (SSO) authorisation integrated with risk-based policies and self service one-click remediation for non-compliant and vulnerable devices. Ariel Kriger, VP Global Sales & Business Development at Infinipoint. "Exclusive Networks was the natural choice to support our market acceleration, possessing the necessary specialist cyber expertise and global scale to enthuse, educate and serve pent-up partner demand for this gap in the zero-trust market. Extending a zero-trust security posture to devices remains an essential and urgent requirement for every work-from-anywhere workforce. And to do it properly you have to do it by design, with adaptive access controls acting on device context, continuously checking device posture not just at the point of access – all the while not burdening the IT department or negatively impacting end user productivity. None of this is easy to do, but we've done it and now partners and their customers can reap the benefit." About Exclusive Networks Exclusive Networks is a global trusted cybersecurity specialist for digital infrastructure helping to drive the transition to a totally trusted digital future for all people and organisations. Our distinctive approach to distribution gives partners more opportunity and more customer relevance. Our specialism is their strength – equipping them to capitalise on rapidly evolving technologies and transformative business models. The Exclusive Networks story is a global one with a services-first ideology at its core, harnessing innovation and disruption to deliver partner value. With offices in 40 countries and the ability to service customers in over 150 countries across five continents, Exclusive Networks has a unique 'local sale, global scale' model, combining the extreme focus and value of local independents with the scale and service delivery of a single worldwide distribution powerhouse. More at www.exclusive-networks.com. About Infinipoint Infinipoint is a pioneer in the Device-Identity-as-as-Service security category to extend a true zero-trust security posture to devices. Infinipoint is the only solution that provides Single Sign-On (SSO) authorization integrated with risk-based policies and one-click remediation for non-compliant and vulnerable devices. This reduces risk by protecting access to an organization's data and services while transforming devices to support a world-class security posture. Infinipoint is able to do all this in a productive way that maintains business continuity with no disruption to the workforce.

Read More

COVID-19 Pandemic Moves Organizations to Increase Cybersecurity Spending

Cisco | May 22, 2020

Coronavirus crisis creating new opportunities for cybercriminals, 70 percent of organizations are seeing the value of increasing their investments in cybersecurity solutions. The challenge for many organizations is continuing to accomplish their security must-dos with significantly less resources. It’s important for security providers to understand that their goal is to help an organization maintain security continuity during this period, not to replace their teams long term. With coronavirus crisis creating new opportunities for cybercriminals, 70 percent of organizations are seeing the value of increasing their investments in cybersecurity solutions. According to a LearnBonds.com report, besides boosting their cybersecurity spending, as the top IT priority this year, around 55 percent of major organizations will boost their investments in automation solutions, revealed HFS Research survey conducted in April. Smart analytics, hybrid or multi-cloud and artificial intelligence follow, with 53 percent, 49 percent and 46 percent of those bodies asked naming them as their leading IT investments this year. The statistics show spending on augmented and virtual reality technology, blockchain and edge computing is under pressure this year, with just 32 percent, 30 percent and 27 percent of enterprises planning to increase their spending on these technologies in 2020. Though recent years have witnessed a surge in the use of artificial intelligence, helping businesses to improve their efficiency, quality and speed, statistics show artificial intelligence solutions are set to witness a massive drop in spending this year, with 23 percent of major enterprises planning to cut their investments on these technologies. Blockchain follows with an 18 percent share among those asked downsizing their IT budgets. However, data revealed IT vendors are much more optimistic about their clients spending on AI technology, with 59 percent of respondents expecting increased investments this year. Jack Mannino, CEO at nVisium, says, “The challenge for many organizations is continuing to accomplish their security must-dos with significantly less resources. Learn more: SINGLE LAYERS OF SECURITY AREN’T ENOUGH TO PROTECT YOUR ORGANIZATION’S DATA . "Employees working from home are using their personal mobile devices to connect to home networks, which means traditional perimeter-based security tools no longer provide visibility or control for security teams. CISOs are adapting to provide endpoint security to all devices in this new normal, to enable teams and organizations to get back to business." ~ Cisco Team Relying on a pool of trusted security partners is critical, as niche skills or deep expertise may come from external sources when internal headcount is constrained. Historically, companies have increased their security outsourcing in periods where it’s hard to justify increasing or maintaining internal head count. It’s important for security providers to understand that their goal is to help an organization maintain security continuity during this period, not to replace their teams long term.” Budgets will have more scrutiny than ever before, however, a risk-based approach is still required. Non-essential spending should be pushed back, but it would be foolish to stop mitigating risks in the near term. "CISOs were focused on endpoint protection for traditional work devices like laptops. In a remote work world, cybersecurity tools must protect all devices employees connected to corporate cloud data - in particular mobile devices," Historically, cybersecurity is a sector where spending still occurs, even when the economy dips. There are risks to smaller and emerging firms, but sales revenue and the amount of capital raised provides resilience. To avoid going under, startups must have enough funds to cover operating expenses over the next few months to survive the COVID-19 storm.” Steve Durbin, managing director of the Information Security Forum, cautions about organizations reducing their cyber workforce at a vulnerable time. “It is more likely that businesses will be exposed because they neither have in-house, nor external access to the necessary skills to deliver their business operations with a remote workforce. I don’t see a short term altering of spending, but clearly this will come for many organizations as the COVID-19 crisis continues. It would extremely short sighted for business leaders to reduce cybersecurity staff and budget at a time when the majority of the workforce is critically dependent on cyber to function. Fausto Oliveira, Principal Security Architect at Acceptto, agrees reducing cybersecurity and IT staff would affect the well-being of systems in place and the security of remote workers. “Losing cybersecurity and IT staff increases the risk of a successful attack during the COVID-19 pandemic and may impair the ability of a company to sustain the large volume of remote workers. MSSPs are certainly a good choice when the financial cost of the cybersecurity function exceeds what the company can afford. I imagine that if the current scenario of personnel working from home remains in place for the long-term, then we will see a surge in the usage of MSSPs to address security gaps and act as a virtual cybersecurity function.” Bob Stevens, Vice President, Americas at Lookout, warns the move to a remote workforce has changed the security attack surface for every organization. Learn more: HOW CSOS CAN PROTECT USERS FROM PHISHING ATTACKS RELATED TO COVID-19 .

Read More

Spotlight

Cybersecurity is our top priority From product development to operations to data protection, we are embedding security everywhere. This pervasive security mindset gives us the power to identify and pivot on issues faster and with greater confidence than ever before. Our commitment to invest across people, processes, technology and policies is helping us build the new secure enterprise.