IcePick-3PC Malware Strain Steals Device IPs

Infosecurity Magazine | January 09, 2019

IcePick-3PC has impacted a range of businesses, from publishers to e-commerce, across a variety of industries, including retail and healthcare, according to researchers from The Media Trust’s digital security and operations (DSO) team. The malware strain was first identified in spring 2018 and is able to steal device IPs en masse. When it was initially detected, IcePick-3PC was used to spam device owners using phishing in a campaign that fraudulently offered gift cards from big-name retailers, such as Amazon and Walmart, in return for users sharing their personal information. In a January 9, 2019, blog post, researchers explained that a website’s third-party tools are designed to incorporate interactive web content, such as animation via HTML5, and are loaded onto client platforms by self-service agencies. In the attack, which has affected more than 100 clients, IcePick-3PC executes after malware writers successfully hijack a website’s third-party tools.

Spotlight

Cyber security breaches are rarely out of the media’s eye. As adversary sophistication increases, many organizations react when it is too late – the attack is underway. Few organizations have the capability to anticipate cyber threats and implement preventative strategies, despite prevention being more cost effective and customer focused.

Related News

DATA SECURITY

Arctic Wolf Security Operations Cloud Reaches Massive Scale and a Global Footprint

Arctic Wolf | November 09, 2021

Arctic Wolf®, a leader in security operations, today announced the global expansion of its industry-leading cloud-native platform, the Arctic Wolf Security Operations Cloud, to provide customers and partners with unified visibility, protection, and automation, through a growing number of technical integrations. With the establishment of a European Security Operations Center (SOC) in Frankfurt, Germany, Arctic Wolf customers in any location will have full flexibility in how their native security solution data is stored and accessed to aid in their compliance with local and international data governance regulations. Built on an open XDR architecture, the Arctic Wolf Security Operations Cloud has scaled to ingest, parse, enrich, and analyze over 1.6 trillion security events and 1.3 petabytes of data each week from over one million licensed users at 2,000 global customers. By leveraging machine learning and artificial intelligence the Arctic Wolf Security Operations Cloud now processes events at an equivalent or greater rate than that of other market-defining cloud platforms. This momentum is driven by a strong uptick in demand for the technology in the enterprise market, demonstrated by Arctic Wolf’s 510% year-over-year large enterprise ARR growth in the first quarter of the fiscal year. Unlike the rest of the industry that is just now starting to parse solutions to integrate data from multiple attack surfaces, Arctic Wolf’s platform was built from day one on a cloud-native architecture that seamlessly ingests data from endpoint, network, identity, and cloud sources to deliver automated threat detection and response at scale. This unification of an organization’s security data ensures only verified security incidents are escalated to customers, effectively eliminating alert fatigue, and ensuring internal security resources have the time needed to focus on hardening their overall security posture.

Powering Security Operations at a Global Scale

To further support Arctic Wolf’s ongoing global expansion, the company has leveraged the scalability and extensibility of the AWS public cloud infrastructure, providing new customers the ability to have their native security solution data hosted within the Arctic Wolf Security Operations Cloud in their choice of the United States, Germany, or Canada. With five SOCs spread across North America and Europe, as well as a growing team of remote security analysts, organizations within Arctic Wolf’s global customer base can have confidence that the Arctic Wolf Concierge Delivery Model aligns with the needs of their compliance requirements on their security journey to end cyber risk.

Delivering Critical Outcomes Across the Entire Security Operations Framework

The massive growth in the power and scale of the Arctic Wolf Security Operations Cloud has been pushed by explosive market demand for security operations, which has resulted in the company doubling its sales for eight consecutive years and achieving a $4.3B valuation as part of a $150M Series F funding round in July. In addition to the business expansion driving the momentum of its cloud-native platform, Arctic Wolf has also made aggressive investments in ecosystem integrations, resulting in the Arctic Wolf Security Operations Cloud adding support for dozens of new security data sources over the last year. Arctic Wolf’s universal and unlimited approach to data ingestion allows customers to gain visibility and control over historically disparate security solutions, while removing the need for security leaders to choose which data sources are important or cost-effective to monitor.

Supporting Quotes:

“While every other aspect of the modern technology stack has a category-defining platform —think Salesforce, ServiceNow, and Workday— no one in cybersecurity has managed to unify the market and produce a true platform that serves all security operations use cases for midsize and enterprise customers. The Arctic Wolf Security Operations Cloud delivers exactly that – the unified security operations experience that owns the outcome for the customer, and our new global footprint makes it easier than ever for organizations to have full control over where their native security solution data is stored.” Nick Schneider, president and chief executive officer of Arctic Wolf

“Accelerated digital transformation and the shift to cloud-based solutions require organizations to rethink data protection strategies and upscale their data security infrastructures to meet the ever-evolving privacy and data compliance landscape,” said Duncan Brown, vice president, European Enterprise Research, IDC. “This trend is global in nature and in Europe, in particular, we are seeing a rapid movement to adopt cloud environments. The vendors who will lead the market in that change will need to demonstrate a proven track record in delivering a mature, global cloud model that meets data sovereignty requirements without compromising speed and scalability.”

With the Security Operations Cloud, Arctic Wolf is the first to deliver a cloud-based platform that gives organizations the protection, resilience, and guidance they need to defend against cyber threats, including Managed Detection and Response (MDR), Managed Risk, Cloud Security Posture Management (CSPM), and Managed Security Awareness —each delivered by the unique concierge delivery model.

About Arctic Wolf:

Arctic Wolf® is a global leader in security operations, delivering the first cloud-native security operations platform to end cyber risk. Powered by threat telemetry spanning endpoint, network, and cloud sources, the Arctic Wolf® Security Operations Cloud ingests and analyzes more than 1.6 trillion security events a week across the globe, enabling critical outcomes for most security use cases and optimizing customers’ disparate security solutions. Now deployed to more than 2,000 customers worldwide, the Arctic Wolf® Platform delivers automated threat detection and response at scale, and empowers organizations of any size to stand up world-class security operations with the push of a button.

Vectra expands intelligent cyberattack detection and response capabilities with CrowdStrike

prnewswire | October 15, 2020

Vectra AI, a leader in network detection and response (NDR), today announced expanded response capabilities for its flagship product, Cognito Detect™, using its Lockdown feature, made possible by integrating with CrowdStrike® Falcon Insight, CrowdStrike's industry-leading endpoint detection and response solution. This deep product integration enables Vectra® to deliver well-coordinated, instantaneous responses to thwart cyberattacks directly at the device level. By blocking and isolating attackers, not resources, Lockdown gives customers the ability to significantly reduce cyberthreat actor dwell-time without disrupting business operations.

DATA SECURITY

IronNet launches AWS Marketplace Premium Professional Services

prnewswire | December 09, 2020

IronNet Cybersecurity, an innovator in Network Detection and Response and Collective Defense, reported today that it is one of the principal Amazon Web Services (AWS) independent software vendors to offer its professional services in AWS Marketplace. AWS customers can now find and buy Red Team, Hunt, and Security Advisory services from IronNet in AWS Marketplace, a curated digital catalog of software, data, and services that makes it simple to find, test, purchase, and deploy software and data products that run on AWS. IronNet offers AWS customers the ability to easily quote and contract services in AWS Marketplace that help customers assess their cloud and network security. Within AWS Marketplace, AWS customers can also explore IronNet's security solutions, which help protect businesses against the most critical cyber threats targeting enterprises today. As organizations migrate to the cloud, they are looking for best-in-class security capabilities and professional services, like those offered by IronNet. With professional services from IronNet available in AWS Marketplace, customers have a simplified way to buy and be billed for both software and related services in a centralized place. Customers can further streamline their purchase of software with standard contract terms to simplify and accelerate procurement cycles.

"IronNet is honored to participate in this launch and to offer our professional services through AWS Marketplace," said IronNet co-CEO Bill Welch. "Our team is dedicated to helping companies evaluate their overall cybersecurity posture and develop customized strategies to enhance their defenses with our Network Detection and Response and Collective Defense capabilities. We're pleased to be able to make it as easy as possible for AWS customers to obtain these critical services and software from one centralized location, in AWS Marketplace."

About IronNet Cybersecurity

Founded in 2014 by GEN (Ret.) Keith Alexander, the former Director of the National Security Agency and Founding Commander of United States Cyber Command, IronNet Cybersecurity is a global security leader that revolutionizes how organizations secure their networks by delivering the first-ever Collective Defense platform operating at scale. Employing a large number of former NSA and U.S. Cyber Command cybersecurity operators with offensive and defensive cyber experience in both the government and the private sector, IronNet integrates deep tradecraft knowledge into its industry-leading products to solve the most challenging cyber problems facing enterprises today.
