Deloitte | May 08, 2020
Multinational professional services network Deloitte has announced a partnership with global cybersecurity leader Palo Alto Networks.
Deloitte’s EMEA Cybersphere Center boasts a technological setup capable of carrying out security orchestration, automation, monitoring and response tasks.
Together we look forward to helping customers around the world make each day more secure than the one before.
Organizations operating in today’s fast-moving digital world need a cybersecurity strategy capable of tackling increasingly sophisticated threats. Collaboration is key in the cybersecurity industry to build and implement the best solutions possible to stay one step ahead. For this reason, Deloitte’s EMEA Cybersphere Center has partnered with global cybersecurity leader Palo Alto Networks, with the aim of expanding its managed security services portfolio for customers both in Spain and across its entire global network. This partnership will see Deloitte’s EMEA Cybersphere Center integrate Cortex XDR™, Cortex™ XSOAR (formerly Demisto), and Prisma™ Cloud solutions into its security catalogue.
With this agreement, Deloitte’s EMEA Cybersphere Center boasts a technological setup capable of carrying out security orchestration, automation, monitoring and response tasks to tackle the most sophisticated threats detected in any environment. Cortex XSOAR’s industry-leading security orchestration, automation and response technology has also been implemented within Deloitte’s own security operations centre, allowing its team of professionals to augment their current capabilities and ultimately be better prepared to tackle increasingly complex cybersecurity threats on behalf of customers.
“This partnership enables us to enhance the service that we provide to our clients and to combine the finest threat detection and response technologies with the development of technological processes and the experience of our professionals across all areas of cybersecurity. This represents a giant leap forward for our market growth strategy.”
~ Christian Hentschel, president, Palo Alto Networks.
“Deloitte, not only helping them to deliver enhanced SOAR capabilities having implemented our technology in their own security operations centre, but also incorporating services around our wider Cortex and Prisma Cloud solutions.”
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
Digit | June 22, 2020
Although costs have increased, data shows a sharp rise in cybersecurity spending and measures to combat the issue. A recent study by insurer Hiscox has revealed a six-fold increase in cybersecurity losses among businesses targeted in the past year, increasing from a median $10,000 (£8,051) per firm to $57,000 (£45,892). The international study, using findings from 5,569 companies across eight countries, shows a $1.2 billion rise in cyber losses to almost $1.8 billion, with the most heavily-targeted sectors being financial services, manufacturing and technology, media and telecoms (TMT). However, there were also signs that firms are responding to threats with “more rigorous security measures and higher spending”, which increased by 39%. As well as this, although losses increased, the proportion of businesses targeted fell from 61% to 39%.
Cybereason | April 23, 2021
Cybereason, the market leader in future-ready attack protection, reported today the discovery of a widespread, global campaign aimed at spreading the stealthy Prometei Botnet by attacking enterprises with a multi-stage attack to harvest computing power to mine bitcoin. To infiltrate networks, the threat actors, who tend to be Russian speakers, are exploiting previously disclosed Microsoft Exchange vulnerabilities used in the Hafnium attacks.
Prometei has a sophisticated infrastructure in place to guarantee its longevity on infected machines. Though Prometei was first reported in July 2020, Cybereason believes the botnet dates back to at least 2016, a year before the now-famous WannaCry and NotPetya malware attacks, which infected over 200 countries and caused billions of dollars in damage. Prometei is still evolving, with new features and tools being added daily.
“Because it has gone undetected, the Prometei Botnet poses a significant danger to companies. When attackers gain possession of infected machines, they can not only mine bitcoin by stealing processing power, but they can also exfiltrate classified information. The attackers may even inject the infected endpoints with other malware and work with ransomware groups to offer access to the endpoints if they so desire. To make matters worse, crypto mining consumes vital network computing power, adversely affecting business processes as well as the performance and reliability of sensitive servers,” said Assaf Dahan, Cybereason's senior director and head of threat research.
Key findings from the research include:
• Wide range of Victims: Victims have been observed across a variety of industries, including Finance, Insurance, Retail, Manufacturing, Utilities, Travel, and Construction. Infected companies are based in countries around the world, including the United States, United Kingdom, Germany, France, Spain, Italy and other European countries, South America and East Asia.
• Russian Speaking Threat Actor: The threat actor appears to be Russian speaking and is purposely avoiding infections in former Soviet bloc countries.
• Exploiting SMB and RDP Vulnerabilities: The main objective of Prometei is to install the Monero crypto miner on corporate endpoints. To spread across networks, the threat actor is using known Microsoft Exchange vulnerabilities, in addition to known exploits EternalBlue and BlueKeep.
• Cross-Platform Threat: Prometei has both Windows-based and Linux-Unix-based versions, and it adjusts its payload based on the detected operating system on the targeted machines when spreading across the network.
• Cybercrime with APT Flavor: Cybereason assesses that the Prometei Botnet operators are financially motivated and intent on generating hefty sums of bitcoin, but are likely not backed by a nation-state.
• Resilient C2 Infrastructure: Prometei is designed to interact with four different C2 servers, which strengthen the botnet’s infrastructure and maintain continuous communications, making it more resistant to takedowns.
Recommendations to companies for minimizing exposure to the Microsoft Exchange vulnerabilities include constantly scanning the environment for threats and imposing stricter patch management policies to ensure that all updates are deployed regularly. Sensitive network assets should also be hardened, multi-factor authentication implemented, and endpoint detection and response tools installed.
Cybereason is a champion for today's cyber defenders, offering future-ready attack protection that unifies security from the endpoint to the enterprise and everywhere the battle moves. The Cybereason Defense Platform incorporates the industry's best detection and response (EDR and XDR), next-generation anti-virus (NGAV), and aggressive threat hunting to provide context-rich analysis of any component of a Malop (malicious operation). As a result, defenders will stop cyberattacks from endpoints to everywhere. Cybereason is a privately owned international company based in Boston that serves clients in over 30 countries.