Google | June 19, 2020
A newly discovered spyware effort attacked users through 32-million downloads of extensions to Google’s market-leading Chrome web browser.
Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains.
A newly discovered spyware effort attacked users through 32-million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security said, highlighting the tech industry’s failure to protect browsers as they are used more for e-mail, payroll and other sensitive functions. Alphabet’s Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers in May.
When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses, Google spokesperson Scott Westover said. Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
Read more: 65% OF PHISHING THREATS FACING REMOTE WORKERS IMPERSONATE GOOGLE-BRANDED WEBSITES
When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses.
~ Google spokesperson Scott Westover said
Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, said Awake co-founder and chief scientist Gary Golomb. Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.
It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google.“Anything that gets you into somebody’s browser or e-mail or other sensitive areas would be a target for national espionage as well as organised crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.
We do regular sweeps to find extensions using similar techniques, code and behaviours,” Google’s Westover said, in identical language to what Google gave out after Duo’s report.
The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said. If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites. All of the domains in question, more than 15,000 linked to each other in total, were bought from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication.
In an e-mail exchange, Galcomm owner Moshe Fogel told Reuters his company had done nothing wrong. “Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we co-operate with law enforcement and security bodies to prevent as much as we can.” Fogel said there was no record of the inquiries Golomb said he made in April and again in May to the company’s e-mail address for reporting abusive behaviour, and he asked for a list of suspect domains. Reuters sent him that list three times without getting a substantive response. The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.
Read more: LEVERAGING THREAT INTELLIGENCE TO TACKLE CYBERTHREATS IN TIMES OF COVID-19
prnewswire | October 06, 2020
BitSight, the Standard in Security Ratings, and Solactive, a German index engineering firm, today released new research demonstrating that a company's cybersecurity performance is an indicator of business performance. Analysis shows that indices composed of well-performing BitSight-rated companies outperform their respective benchmarks by 1% to 2% annually. For certain sectors, such as U.S. Technology, well-rated companies outperform the benchmark by 7% per year. The findings are an endorsement for today's introduction of the Solactive BitSight Cyber Risk Index, a financial index that will enable investors to invest in companies who are top cybersecurity performers as measured by BitSight.
Herjavec Group | October 14, 2021
Robert Herjavec, Founder & CEO of global cybersecurity firm Herjavec Group and a leading investor on the Emmy Award-winning show Shark Tank, proudly announces the strategic acquisition of SEGMENTECH, a North American cybersecurity services firm specializing in Identity and Access Management (IAM) & Privileged Access Management (PAM) solutions for enterprise customers.
This acquisition further expands and accelerates Herjavec Group's leading IAM practice by adding world-class Privileged Access Management talent, specializing in implementations of CyberArk, a global leader in Identity Security.
"As we have transitioned to a flexible workforce environment, businesses have been forced to accelerate and pivot their digital transformation," said, Robert Herjavec. "As a result, CIOS and CISOs are navigating a paradigm shift in cybersecurity, and the way their security environment needs to be set up. IAM and PAM have become foundational to all security programs, to ensure that the right people access the right data, at the right time, for the right reasons. As a result, we are experiencing a tremendous uptick in demand for services to implement comprehensive IAM and PAM programs."
Founded in 2015 by Roy Levy and Boris Zaidfeld, SEGMENTECH is a leading provider of IAM & PAM services and is an expert advisor in DevSecOps and how to secure CI/CD processes. SEGMENTECH supports global enterprise customers through the implementation and expansion of IAM and PAM programs. Both Herjavec and SEGMENTECH are established partners of CyberArk. With this acquisition, Herjavec will further advance its privileged access management practice by putting CyberArk at the core, which enables a security-first approach to decreasing identity-led risk.
This acquisition strengthens Herjavec Group's position as an Identity and Access Management leader and will benefit organizations seeking to fortify their cybersecurity defenses,CyberArk has strong relationships with both Herjavec and SEGMENTECH. Their commitment to investing in highly trained cybersecurity professionals, especially in the area of privileged access management, combined with expanded access to CyberArk-based Identity Security solutions, will dramatically improve security for our joint customers.
Chris Moore, VP of Global Channel at CyberArk.
Herjavec Group and SEGMENTECH customers will benefit from working with highly qualified professionals, including those who have achieved their Guardian certification, the highest level of CyberArk training and a proven track record of capabilities, ensuring enterprises can accelerate, improve, and manage their cybersecurity lifecycle.
About Herjavec Group:
Robert Herjavec founded Herjavec Group in 2003 to provide cybersecurity products and services to enterprise organizations. We have been recognized as one of the world's most innovative cybersecurity operations leaders, and excel in complex, multi-vendor environments. Our service expertise includes Advisory Services, Technology Architecture & Implementation, Identity and Access Management Services, Managed Security Services, Threat Management, and Incident Response. Herjavec Group operates across the United States, United Kingdom, India and Canada.