DATA SECURITY

Honeywell Cybersecurity Research Reports Significant Increase In USB Threats That Can Cause Costly Business Disruptions

Honeywell | June 22, 2021

According to a report released today by Honeywell (Nasdaq: HON), USB-based threats that can severely impact business operations increased significantly during a disruptive year when the usage of removable media and network connectivity also grew.

Data from the 2021 Honeywell Industrial USB Threat Report indicates that 37% of threats were specifically designed to utilize removable media, which almost doubled from 19% in the 2020 report. The research also highlights that 79% of cyber threats originating from USB devices or removable media could lead to a critical business disruption in the operational technology (OT) environment. At the same time, there was a 30% increase in the use of USB devices in production facilities last year, highlighting the growing dependence on removable media.

The report was based on aggregated cybersecurity threat data from hundreds of industrial facilities globally during a 12-month period. Along with USB attacks, research shows a growing number of cyber threats including remote access, Trojans and content-based malware have the potential to cause severe disruption to industrial infrastructure.

"USB-borne malware was a serious and expanding business risk in 2020, with clear indications that removable media has become part of the playbook used by attackers, including those that employ ransomware," said Eric Knapp, engineering fellow and director of cybersecurity research for Honeywell Connected Enterprise. "Because USB-borne cyber intrusions have become so effective, organizations must adopt a formal program that addresses removable media and protects against intrusions to avoid potentially costly downtime."

Many industrial and OT systems are air-gapped or cut off from the internet to protect them from attacks. Intruders are using removable media and USB devices as an initial attack vector to penetrate networks and open them up to major attacks. Knapp says hackers are loading more advanced malware on plug-in devices to directly harm their intended targets through sophisticated coding that can create backdoors to establish remote access. Hackers with remote access can then command and control the targeted systems.

Spotlight

For collaboration, communication, and data access, the web has become a mission-critical business tool. But the web also poses significant security risks to the enterprise that are easily encountered yet not so easy to detect. Some of the most sophisticated web-based threats are designed to hide in plain sight on legitimate and well-trafficked websites. For example, “malvertising” is the new industry term for disguising malware as online advertisements. Watering hole attacks conceal malware on member-based sites, phishing campaigns target individuals with personal details, and botnets take control of victims’ devices. Research conducted by Cisco® Talos found that 93 percent of customer networks access websites that host malware.

Related News

DATA SECURITY

By Launching Threat Protection, NordVPN Entered the Antivirus Market

NordVPN | February 11, 2022

With the launching of Threat Protection, which is integrated into the NordVPN app, NordVPN, the world's largest VPN service provider, takes another step toward cementing its position as a market leader in cybersecurity. By preventing trackers, phishing attempts, invasive adverts, harmful websites, and corrupted files, this new function provides a complete defense against cyber threats.

"At Nord Security, we know that cybersecurity evolves rapidly, and cybersecurity tools must evolve too. And as part of a broader effort to shift into a more encompassing cybersecurity company, introducing Threat Protection brings us one step closer," says Vykintas Maknickas, product strategist at NordVPN. "With the introduction of Threat Protection, we will be able to offer more services and more comprehensive protection that doesn't depend merely on your VPN connection."

Threat Protection protects against three types of threats. Web trackers and malicious adverts, as well as hazardous websites and corrupted files, are among them.

Web trackers and malicious ads

Defending against trackers is often outside the scope of a VPN, which is where Threat Protection comes in. Threat Protection improves the overall web privacy experience by ultimately preventing trackers. In real time, you can monitor and manage the blacklisted trackers.

Harmful websites

To avoid harmful websites, utilize Threat Protection while browsing the web. Before the page loads, Threat Protection displays a warning popup. This allows you to escape rather than proceed to a potentially hazardous site where you could be phished or have your info harvested.

Infected files

Threat Protection can also be the first line of security while downloading a file from the internet. It will scan the file for malware and, if none are found, it will be designated as safe without any interruptions. However, if malware is discovered, the file will be removed before it can cause any harm. You'll also get access to a log of scanned files that you may look at at any time.

"Threat Protection takes what was once the task of antivirus software and merges it with NordVPN," says Vykintas Maknickas, product strategist at NordVPN. "Regardless of how long you have been using the internet, you can end up falling victim to some precarious website or download. This is exactly why Threat Protection was introduced — to add a layer of security to make your online browsing safer, cleaner, and more private."

Users must download the newest OpenVPN version of the NordVPN app from the official website to use Threat Protection. Users will be protected without connecting to a VPN server once the feature is enabled. Threat Protection is currently available for all macOS users, and Windows users will receive it gradually.

NordVPN is a service provided by Nord Security. Nord Security is steadily progressing toward its goal of being an all-in-one cybersecurity solution. Three more market-leading products join NordVPN: NordLocker, an encrypted cloud storage solution; NordPass, a next-generation password manager; and NordLayer, an advanced network access security solution.

SOFTWARE SECURITY

Mandiant Recognized as a Large Provider of Cyber Security Incident Response Services by Independent Research Firm

Mandiant | December 03, 2021

Mandiant, Inc., the leader in dynamic cyber defense and response, today announced its inclusion in the new Forrester report “Now Tech: Cybersecurity Incident Response Services, Q4 2021.” The report provides an overview of 36 cyber security incident response vendors segmented by capabilities, size, vertical focus and geographic footprint. The purpose of the report is to help security leaders better understand the value organizations can expect from incident response vendors and make more informed procurement decisions.

Since 2004, Mandiant has been at the forefront of cyber security and cyber threat intelligence, enabling a deep understanding of both existing and emerging threat actors, as well as their rapidly changing tactics, techniques and procedures. Its expertise derived from more than 200,000 hours responding to attacks per year as well as its proven track record of working on large and highly publicized incidents uniquely qualifies the company to assist clients with all aspects of an incident response—from technical response to crisis management. With Mandiant, organizations can confidently investigate and remediate incidents faster and more efficiently, allowing them to quickly get back to what matters most—their business.

“In today’s ever-evolving threat environment, it’s not a question of if an organization will become a target of a cyber attack, but rather when,” said Jurgen Kutscher, Executive Vice President, Service Delivery, Mandiant. “And with attacks becoming more sophisticated, speed to detection and remediation are key to ensuring business continuity. Mandiant services combined with our cyber security SaaS platform—Mandiant Advantage—enable early threat insights, ensuring our customers can quickly identify, respond to and defend against cyber threats.”

About Mandiant, Inc.

Since 2004, Mandiant has been a trusted partner to security-conscious organizations. Effective security is based on the right combination of expertise, intelligence, and adaptive technology, and the Mandiant Advantage SaaS platform scales decades of frontline experience and industry-leading threat intelligence to deliver a range of dynamic cyber defense solutions. Mandiant’s approach helps organizations develop more effective and efficient cyber security programs and instills confidence in their readiness to defend against and respond to cyber threats.

DATA SECURITY

Cylitic Security Chooses Swimlane to Deliver Enterprise-Grade Security Automation Services at Scale

Cylitic Security | November 15, 2021

Cylitic Security, a cyber security services provider, announced that it has chosen Swimlane, the leader in cloud-scale low-code security automation, to scale up its security operations. Cylitic is pioneering a comprehensive managed security service to help small to medium-sized businesses successfully fight off sophisticated cyberattacks.

On average, Fortune 100 companies spend hundreds of millions of dollars annually on dedicated professional cybersecurity analysts, complicated tools, and technologies to continuously monitor their networks looking for anomalies and act in real-time to mitigate threats. Unfortunately, these capabilities are not always realistic for smaller entities. Security talent is expensive and sparse. Some cybersecurity technology vendors won't sell to smaller entities, which is also a disadvantage. Yet, cybersecurity is not a concern only prevalent amongst large-scale enterprises--nor are the associated challenges with keeping an organization secure. Cybersecurity is an industry-wide concern for businesses of all shapes and sizes.

Deploying security automation systems can bring the sophistication of enterprise-scale systems to the SMB customer. Low-code security automation provides a robust application development capability for use cases that can be solved with simple drag-and-drop data entry and business logic to extremely complex, sophisticated solutions that meet the needs of the entire organization.

Cylitic's purpose is to bring advanced security capabilities and expertise to small to medium-sized customers who normally otherwise wouldn't have this access. Cylitic is leveling the playing field against threat adversaries who specifically target smaller organizations.

"We are excited to be partnering with Swimlane. Their platform allows us to scale our security service even further and helps us protect tens of thousands of mission-critical systems for smaller organizations. Technology like Swimlane is common in large, sophisticated Fortune ranked companies and Government agencies. This is yet another piece of the puzzle for Cylitic to democratize the state of technology and tactics for smaller organizations that don't have experienced cybersecurity teams," said Andrew Thornton, Cylitic Security's Chief Security Officer.

"Today, every company is a technology company," said Cody Cornell, co-founder and chief strategy officer, Swimlane. "Moreover, every company is experiencing the impacts of a global talent shortage, and simultaneously, security is having an unprecedented impact on businesses and their bottom line, making cybersecurity a company-wide issue. Together, Swimlane and Cylitic are bringing the power of the low-code security automation to the SMB market, providing a customer-first approach by combining security technology integrations with industry best practices to create market-ready solutions that accelerate time-to-value."

About Swimlane

Swimlane is the leader in cloud-scale, low-code security automation. Supporting use cases beyond SOAR, Swimlane improves the ease with which security teams can overcome process and data fatigue, as well as chronic staffing shortages. Swimlane unlocks the potential of automation beyond the SOC by delivering a low-code platform that serves as the system of record for the entire security organization and enables anyone within the organization to contribute their knowledge and expertise to the protection of the organization.

About Cylitic

Cylitic Security provides cyber security technology and services. Collectively the Cylitic team has defended global Fortune companies and critical government systems. Cylitic combines best in class Silicon Valley engineering with exceptional security talent to create the next generation of managed security services. Cylitic's people + technology work synergistically to protect their customers around the clock. The Cylitic team is particularly proud to apply their skills and tools to help protect small mission critical companies.
