EKANS Ransomware Raises Industrial-Control Worries

Dark reading | February 03, 2020

A fairly unsophisticated ransomware attack has raised a few eyebrows among security researchers for its ability to force computers to stop specific activities, or processes, related to industrial control systems, critical-infrastructure security firm Dragos stated in a report published on February 3.In the past, ransomware has generally caused disruption in industrial control system (ICS) environments as a side effect of the malware's destructive activity — encrypting data would cause some software to fail, causing outages. Although a relatively primitive attack, the EKANS ransomware actively targets certain products common in ICS environments, says Joe Slowik, an adversary hunter with Dragos.

Spotlight

Understand the latest threats with an in-depth analysis tailored to your organization or geography, showing which malware families are targeting your online banking websites and applications. Learn more by watching this video.

Spotlight

Understand the latest threats with an in-depth analysis tailored to your organization or geography, showing which malware families are targeting your online banking websites and applications. Learn more by watching this video.

Related News

SOFTWARE SECURITY

LogRhythm Accelerates Threat Detection Capabilities with Innovations to Product Suite

LogRhythm | July 06, 2022

LogRhythm, the company helping busy and lean security operation teams save the day, today announced the launch of version 7.9 of the LogRhythm SIEM Platform and updates to LogRhythm NDR and LogRhythm UEBA. “LogRhythm arms security teams with intelligent analytics and automated responses to reduce cybersecurity exposure, eliminate blind spots and quickly shut down attacks,” said Kish Dill, chief product and customer officer at LogRhythm. "The company is changing the way we work by becoming customer-centric throughout our whole organization. We are listening to our customers and promise to deliver quarterly innovations that address the challenges our customers face every day. We recognize that security teams don’t have time to spare on long processes and inefficient workflows. With these latest updates, security teams will have the tools they need to make operations more effective and efficient to defend their organization against today’s top threats.” LogRhythm 7.9, LogRhythm NDR and LogRhythm UEBA (formerly CloudAI) provide new features designed to help security teams overcome everyday obstacles by accelerating threat response, improving workflows and simplifying processes, including: Faster time to value through improved analyst workflows Enhanced automation with Admin API: LogRhythm 7.9 improves the Admin API by adding system monitoring management (LogRhythm SysMon) endpoints to the API library. This enables SIEM administrators to connect through the Admin API and manage the SysMon agent, allowing for automated process batching. Embedded Expertise: LogRhythm accelerates customer time to value through its out of the box LogRhythm SmartResponse™. LogRhythm 7.9 includes added and enhanced SmartResponses to its already extensive library of over 120 integrations. Enable packet capture in UI: LogRhythm NDR users can download PCAP files for specific incidents and cases to pull in more detail, helping investigations and improving threat hunting. Easier and faster event log filtering: LogRhythm 7.9 includes a new way to filter logs at the agent. Users can now select the types of Windows event logs the agent queries, accelerating the time to process logs and removing the burden on the collection pipeline. Expanded threat detection capabilities Enhanced LogRhythm NDR detection models: Users can detect a wider array of ransomware attacks with LogRhythm NDR’s improved analytics capabilities. Advanced analytics models: LogRhythm UEBA offers advanced UEBA analytics as a cloud-native, easy to deploy add-on for LogRhythm 7.9 users. Models were improved and new models added to ensure today's complex attacks can be detected and anomalies requiring priority attention can be identified, further reducing alert fatigue and accelerating response times. Policy violation alerts: LogRhythm NDR offers alerts about expired certificates, weak ciphers used in connections, and authentication activity happening in clear text, offering additional context to what could represent a risk. Extended flexibility Controlled overages with powerful license metering reporting: LogRhythm added a new reporting feature to make licensing overages more visible and easier to understand by displaying any overages in the past 30 days. This feature will help teams better manage license usage and costs. Expanded endpoint integrations: LogRhythm now includes Cisco Secure Endpoint (formerly AMP for Endpoints) in its family of EDR integrations. About LogRhythm LogRhythm helps busy and lean security operations teams save the day — day after day. There’s a lot riding on the shoulders of security professionals — the reputation and success of their company, the safety of citizens and organizations across the globe, the security of critical resources — the weight of protecting the world.

Read More

SOFTWARE SECURITY

McGill and Partners Choose CyberCube for Cyber Risk Analytics

CyberCube | July 14, 2022

CyberCube, the provider of the world’s leading cyber risk analytics for the insurance industry, today announces that McGill and Partners, the specialist (re)insurance broker, is using its Portfolio Manager and Broking Manager cyber risk analytics platforms. Launched in 2019 by insurance veteran Steve McGill, McGill and Partners is rapidly growing to become a major force in the insurance and reinsurance market, quickly developing its offering in both cyber reinsurance and insurance. Today the firm has over 430 staff and offices in the UK, US, Bermuda and Ireland. The deal with CyberCube is part of McGill and Partners’ continued development of its cyber (re)insurance strategy. CyberCube’s Portfolio Manager is a scenario-based data-driven model that enables risk professionals to develop insights for their senior leadership and teams. Portfolio Manager stress tests portfolios of insurance and reinsurance risks against a range of systemic cyber-related scenarios including data breaches, cloud outages, global ransomware attacks and financial fraud. Broking Manager is the first software-as-a-service application CyberCube has built specifically for the insurance broking community. It offers a streamlined approach to analyzing potential financial exposure impacts arising from cyber events that helps clients make informed decisions on coverages and limits. “We are excited to be working with the team at McGill and Partners and be part of the company’s cyber (re)insurance growth strategy on both the direct insurance side via Broking Manager and on its reinsurance side via Portfolio Manager.” Alejandra Donoso, CyberCube’s Principal Client Account Manager Neil Sharma, Partner – Reinsurance at McGill and Partner, said: “We are looking to bring all stakeholders in the cyber value chain together; collaborating between our insurance and reinsurance teams and partnering with CyberCube’s platforms which help deepen our understanding of the risks allowing us to provide best-in-class solutions to our clients.” About CyberCube CyberCube delivers the world’s leading cyber risk analytics for the insurance industry. With best-in-class data access and advanced multi-disciplinary analytics, the company’s cloud-based platform helps insurance organizations make better decisions when placing insurance, underwriting cyber risk and managing cyber risk aggregation.

Read More

PLATFORM SECURITY

Uptycs consolidates cloud security with CNAPP

Uptycs | June 07, 2022

Uptycs, the first cloud-native security analytics platform that enables cloud and endpoint protection from a single solution, unveiled new capability to address critical cloud-native application protection platform (CNAPP) use cases today at the RSA Conference. In order to offer these functionalities, telemetry from the necessary attack surfaces is ingested into the Uptycs SQL-powered data lake for real-time and historical analysis. With a single data and control plane, this platform architecture allows enterprises to consolidate security tools as they progressively embrace cloud-native software development and operations. Gartner estimates that by 2025, 70% of enterprises will reduce the number of providers safeguarding the life cycle of cloud-native apps to no more than three. Gartner advises security and risk management executives implementing a consolidation approach as follows: "Evaluate security platforms where data and control planes are shared; use this consolidation to develop common rules and close gaps and vulnerabilities across legacy silos." "Security organizations face fast-changing threats while struggling to hire and retain technical talent. At the same time, organizations are accelerating digital transformation by adopting new cloud-native technologies and operations. Unlike other security vendors that take a portfolio approach—lightly integrating separately acquired products—Uptycs addresses these challenges by extending our SQL-powered analytics platform to cover key CNAPP use cases." Ganesh Pai, CEO and co-founder of Uptycs The Uptycs system generalizes telemetry at the collection point into SQL tables, allowing for real-time analysis and correlation as data flows into the cloud. This enables columnar compression as well as rapid query speeds over petabytes of data. According to Gartner: "Securing cloud-native applications offers enterprises the opportunity to redesign security approaches. Rather than treat development and runtime as separate problems—secured and scanned with a collection of separate tools—enterprises should treat security and compliance as a continuum across development and operations. They should look to consolidate tools into cloud-native application protection platforms where possible."

Read More