How CSOs Can Protect Users from Phishing Attacks Related to COVID-19

Microsoft | May 12, 2020

  • The biggest threats are phishing attacks related to Covid-19 attackers are also setting up Covid-19-related domain names .

  • Remote users in particular are vulnerable to coronavirus-themed phishing attempts, malicious domains and repurposed malware .

  • Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed.


Attackers are using this time of crisis to go after victims with targeted campaigns. The biggest threats are phishing attacks related to Covid-19. Attackers are also setting up Covid-19-related domain names and enticing people to click on them. Anomali recently released a report that identified at least 15 distinct pandemic-related campaigns associated with 11 threat actors distributing 39 different malware families and employing 80 MITRE ATT&CK techniques. In January, the attacks typically were malicious emails that appeared to be notifications from welfare providers and public health sectors. Meanwhile in February, the attacks shifted to include remote access trojans (RATS).


CheckPoint reported in March an increase of fraudulent Covid-19-themed domains. In mid-March, researchers noted that attackers were mimicking the Johns Hopkins coronavirus map. Recently, Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted. In addition, Trickbot and Emotet malware are re-bundling and rebranding themselves to take advantage of the threats through reusing various lures, with roughly 60,000 emails including Covid-19-related malicious attachments or malicious URLs.



Learn more: CYBERSECURITY AND CORONAVIRUS: KEEPING YOUR BUSINESS SAFE .
 

“Microsoft noted several themed attack trends on the networks that it monitors, claiming that every country is seeing at least one pandemic-themed threat with China, the US and Russia the most targeted."

~ Microsoft say


Attackers are also impersonating official organisations to wiggle into user inboxes, while SmartScreen tracked more than 18,000 malicious Covid-19 themed URLs and IP addresses. Microsoft Office 365 Advanced Threat Protection (ATP) prevented a big phishing attack that intended to use a fictitious Office 365 sign-in page to harvest credentials. Furthermore, attackers have targeted health care businesses, prompting Microsoft to make its AccountGuard threat notification service available at no cost to healthcare providers and human rights and humanitarian organisations.

“Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials."


Phishlabs reported that cyber criminals are using Covid-19 related voicemail notifications to trick people to log in and steal credentials. Trustwave reported that Covid-19-themed business email compromise (BEC) scams are increasing. The UK's National Cyber Security Centre (NCSC) indicates that attackers also target remote access and home user entry points. Protect endpoints: Enable Microsoft Defender ATP, which is available with a Windows 10 E5 license or Microsoft 365 Enterprise licence, or a third-party endpoint protection tool. This includes home machines. Enable multi-factor authentication (MFA) for online Exchange and email: Microsoft recently pushed off disabling basic authentication as a result of the Covid-19 impact on organisations, a decision I disagree with. Attackers go after POP, IMAP and basic authentication on Office 365 targets.


They will use password spray attacks and password reuse to break into the network.This is why CSOs should disable basic or legacy authentication and support modern authentication. Also, security leaders must use conditional access policies to block older vulnerable authentication methods. Having MFA on email ensures that attackers can’t use the easy attacks on an organisation. CSOs can set a rule that anyone logging in from the static IP addresses of the office locations are not prompted by MFA prompts, ensuring that this protection is focused on remote entry points that attackers target the most. Also, security leaders must consider adding geographic log in limitations via conditional access rules to better protect your network as well.


Learn more: THE CORONAVIRUS IS ALREADY TAKING EFFECT ON CYBER SECURITY– THIS IS HOW CISOS SHOULD PREPARE .
 

Spotlight

IBM invited C-level executives from some of IBM Security’s biggest clients to the 2015 IBM Security Summit to explore new ways to think about security in three important areas: technology, policy, and leadership. Ginni Rometty, Chairman, President, and CEO, IBM, kicked off the IBM Security Summit event by discussing security as a board-level issue, and the new way that businesses must think about security.


Other News
ENTERPRISE IDENTITY,PLATFORM SECURITY,SOFTWARE SECURITY

Safe Security Introduces Free Assessments to Provide Trusted Financial Risk Calculations for Cyber Attacks and Cyber Insurance Discussions

Safe Security | August 17, 2022

Safe Security, a global leader in cybersecurity risk quantification and management, today announced two industry-first assessment tools to empower organizations to make holistic financial decisions based on their actual cyber risk. At no cost, organizations can access Safe Security’s Interactive Cost Calculator, as well as the Cyberinsurance Assessment, which are designed to enable data-driven discussions about risk and coverage requirements. “Executive leadership from the CEO and board members, to CISOs, risk teams, and CFOs are asking questions like, ‘how much will a cyber attack cost us?’ Or, ‘how much should our cyber insurance cost?’ Today, those leaders either do not have a financial figure at all or possess a financial figure from a ‘black-box’ approach that they can’t explain or trust,” said Saket Modi, co-founder and CEO of Safe Security. “Based on our research, Safe Security is offering organizations the opportunity to understand the financial impact of a cyber attack with full visibility into how the assessment is calculated so you can trust and explain the numbers. Knowledge is power, and our mission is to arm you with an unbiased assessment that can be used for risk discussions and insurance negotiations.” Interactive Cost Calculator for Cyber Attacks Safe Security’s Interactive Cost Calculator for cyber attacks is a free, tunable calculator that enables organizations to understand their potential financial risk due to a cyber attack, such as ransomware. The easy-to-use assessment gathers specific inputs about the company, and provides a cost estimate based on Safe Security’s cost model that takes into account cost drivers associated with security incidents. The output can be customized to the parameters of an organization to further refine the estimate. Inside-Out Cyberinsurance Assessment Safe Security’s Inside-Out Cyberinsurance Assessment helps companies better understand their cyber health and reduce premiums. Cyber insurance premiums keep rising despite increasing cybersecurity investments. Companies can gain specific guidance on how their cybersecurity risk posture compares to others in the same industry, how much coverage they need, and the top actions they should take to ensure a successful cyber insurance renewal. The SAFE platform runs a cyber risk assessment based on the following data points: API feeds from the organization’s internal technology environment Maturity of the organization’s cybersecurity policies and products About Safe Security Safe Security is a leader in cybersecurity and digital business risk quantification management, with a mission to build a safer digital future. Safe’s cyber risk quantification and management (CRQM) platform enables organizations to manage cyber risks in real-time. Its platform automatically collects signals from inside and outside a company’s environment to give the company-specific cyber risk rating, or SAFE Score, the financial impact of a potential breach, and an action plan. This enables organizations to have a common language across teams - from the board all the way down to an analyst - to align with a consistent risk metric. Other benefits include justifying investments in cybersecurity and purchase of cyber insurance for the organization.

Read More

PLATFORM SECURITY

Talon Cyber Security Announces $100M in Series A Funding to Redefine Security for the Future of Work

Talon Cyber Security | August 04, 2022

Talon Cyber Security, the leading secure enterprise browser provider, today announced $100 million in Series A funding, led by Evolution Equity Partners, with participation from Ballistic Ventures, CrowdStrike’s Falcon Fund, Merlin Ventures, SYN Ventures and previous investors CrowdStrike co-founder and CEO George Kurtz, Lightspeed Venture Partners, Sorenson Ventures and Team8. The funds will be used to accelerate go-to-market efforts to meet the increasing global demand for Talon’s secure enterprise browser, TalonWork, and deliver new product enhancements to continuously improve security for modern workforces. As organizations have embraced distributed work for employees and contractors, the reliance on SaaS applications has risen, and security needs have evolved drastically. The traditional ways of enabling secure access to enterprise applications are complex, expensive, and put organizations at risk. The TalonWork browser simplifies security by allowing secure access to corporate applications and data on any device, managed or unmanaged, and on any operating system. With Talon, security teams benefit from deep visibility into browser and application activity, as well as native security features like authentication, data loss prevention and Zero Trust controls. Based on Chromium, TalonWork delivers the consistent and familiar user experiences expected by today’s workers, fostering productivity across the enterprise. “We have built the team and technology to redefine and power security for the future of work – a future where security is delivered naturally through the enterprise’s most heavily-used application: the browser. “The world and the applications the largest organizations rely on are moving to the web, creating an extensive need for a vehicle that can provide secure access without changing the way work is conducted. This new funding will allow us to continue to show why that vehicle is Talon’s secure enterprise browser.” Ofer Ben-Noon, co-founder and CEO, Talon Cyber Security Co-founded by Ben-Noon and CTO Ohad Bobrov, Talon was named the winner of the Innovation Sandbox Contest at RSA Conference 2022, and has demonstrated unrivaled market and technical leadership since launching the industry’s first secure enterprise browser in October 2021. The company’s recent momentum includes numerous customer deployments at large organizations, the release of the industry’s first secure enterprise browser for mobile devices, and established partnerships with the two leaders in endpoint security: CrowdStrike and Microsoft. The round includes the conversion of $17 million in SAFE (Simple Agreement for Future Equity) investments announced earlier this year into A round shares, bringing Talon’s total amount raised to over $126 million. As part of today’s announcement, Richard Seewald, Founder and Managing Partner of Evolution Equity Partners, is joining Talon’s board of directors. “In cybersecurity, the word innovative gets thrown around often, but with Talon, it is a perfect descriptor,” said Richard Seewald, Founder and Managing Partner, Evolution Equity Partners. “I have never seen a company create and lead a category with such authority, and experience such impressive traction with customers so quickly. Talon has the potential to become one of the leading companies in the broader security industry, and it’s an honor to help them on their journey.” “Today’s threat environment is complex, but an organization’s approach to security should not be,” said George Kurtz, co-founder and CEO, CrowdStrike. “By delivering enterprise-grade security through the TalonWork browser, Talon makes security simple and effective for its customers.” “When we launched Ballistic, we made it our mission to find and partner with companies that have the technology and what it takes to change the trajectory of cybersecurity, and Talon fits this bill perfectly,” said Jake Seid, co-founder and General Partner, Ballistic Ventures. “The browser has fundamentally become the most important tool for today's workforce. Talon’s secure enterprise browser does something few security products do. It offers the trifecta of strong security, seamless end-user experience, and low cost and complexity for the enterprise. Talon’s team and solution are some of the strongest I have ever come across, and this financing will help propel the company to new heights.” “From my time as a CISO and now as an investment partner for leading security companies, I have evaluated countless technologies,” said Jay Leek, co-founder and Managing Partner, SYN Ventures. “The widespread problem that Talon addresses and the time to value of its technology is beyond impressive – it's a game changer. I’m thrilled to have the opportunity to work with the company and help accelerate its growth.” About Talon Cyber Security Talon Cyber Security is modernizing security programs and improving user experiences for hybrid work by delivering the first secure enterprise browser. Built on Chromium, the TalonWork browser provides customers with the consistent user experiences, deep security visibility, and control over SaaS and web applications needed to simplify security for the future of work. Talon was named the Most Innovative Startup of 2022 at the prestigious RSA Conference Innovation Sandbox Contest.

Read More

DATA SECURITY,PLATFORM SECURITY

Resecurity Named as One of America's Fastest-Growing Private Cybersecurity Companies by Inc. Magazine

Resecurity | August 19, 2022

Resecurity, Inc., a cybersecurity company based in Los Angeles, California, was recently recognized by Inc. magazine's annual Inc. 5000 list, the most prestigious ranking of the nation's fastest-growing private companies. Ranked as one of the fastest-growing private cybersecurity companies, Resecurity was number 2477 on the list for achieving 234 percent of revenue growth in past three years. The list represents a unique look at the most successful companies within the American economy's most dynamic segment—its independent small businesses. Intuit, Zappos, Under Armour, Microsoft, Patagonia, and many other well-known names gained their first national exposure as honorees on the Inc. 5000. Among the 5,000, the average median three-year growth rate soared to 230 percent and total revenue reached $317.2 billion. Together, those companies added more than one million jobs over the past three years. The recognition comes after a record year for the company, including a recent acquisition of Cybit Sec, a vulnerability assessment and penetration testing company, and the launch of their latest product offering, the Digital Identity Protection Platform. Resecurity has fueled its growth with strategic investments into R&D, expanding its international and channel sales presence, and scaling its industry partnerships. "The Inc. 5000 list is home to some of the most innovative companies in the market today. Resecurity is proud to have earned a top spot on this prestigious list. This growth is a testament to cybersecurity's critical role in the future. We're committed to accelerating this growth with strategic partnerships and investments in R&D, allowing us to help more individuals and enterprises combat ever-evolving cyber threats." Gene Yoo, Resecurity CEO Resecurity's SaaS solution combines XDR/endpoint protection, cyber threat intelligence and digital risk management, enabling customers ranging from Fortune 500 corporations to governments to protect their ecosystem. The innovative platform allows administrators to reduce potential blind spots and security gaps by quickly seeing in-depth analysis and specific artifacts obtained through the dark web, botnets activity, network intelligence and high-quality threat intelligence data. "The accomplishment of building one of the fastest-growing companies in the U.S., in light of recent economic roadblocks, cannot be overstated," says Scott Omelianuk, editor-in-chief of Inc. "Inc. is thrilled to honor the companies that have established themselves through innovation, hard work, and rising to the challenges of today." Methodology Companies on the 2022 Inc. 5000 are ranked according to percentage revenue growth from 2018 to 2021. To qualify, companies must have been founded and generating revenue by March 31, 2018. They must be U.S.-based, privately held, for-profit, and independent--not subsidiaries or divisions of other companies--as of December 31, 2021. (Since then, some on the list may have gone public or been acquired.) The minimum revenue required for 2018 is $100,000; the minimum for 2021 is $2 million. As always, Inc. reserves the right to decline applicants for subjective reasons. Growth rates used to determine company rankings were calculated to four decimal places. About Resecurity Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, Resecurity was named as one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California by Inc. Magazine. An Official Member of Infragard, AFCEA, NDIA, SIA, FS-ISAC, the American Chamber of Commerce in Saudi Arabia (AmChamKSA) and Mexico (AmChamMX).

Read More

PLATFORM SECURITY

Resecurity® Brings Cyber Threat Intelligence to Microsoft Azure

Resecurity | July 01, 2022

Resecurity, a cybersecurity and intelligence company, today announced its award-winning cybersecurity threat intelligence and risk monitoring platform is now available on Microsoft's Azure Marketplace. Microsoft's Azure Marketplace is the most comprehensive marketplace on the planet, offering thousands of certified cloud applications and software to over four million active users and subscribers. With cyber-risk ranking as a top concern for CEOs and business owners1, enterprises are looking for additional support to secure and manage the evolving cyber threatscape. More importantly, they're looking for trusted vendors who provide scalable, secure solutions that can work inside existing operating systems. Today, nearly 70 percent of organizations worldwide use Microsoft Azure for their cloud services.2 By joining the Microsoft Azure marketplace, Resecurity's software solutions will be easily accessible to the millions of Microsoft Azure customers needing comprehensive cybersecurity management and monitoring. "Enterprises continue to battle increasing cyber threats emerging from the Dark Web and ransomware groups targeting cloud services. Trusted partners like Microsoft Azure have enabled organizations to confidently bring in the cybersecurity expertise and solutions they need to protect their ecosystems. "Resecurity is dedicated to helping organizations worldwide mitigate these risks with our reliable, scalable and accessible cybersecurity and threat intelligence software." Gene Yoo, CEO of Resecurity Resecurity's AI-powered solutions provide proactive alerts and comprehensive visibility of digital risks targeting the enterprise ecosystem. The innovative platform allows administrators to reduce potential blind spots and security gaps by quickly seeing in-depth analysis and specific artifacts obtained through the dark web, botnets activity, network intelligence and high-quality threat intelligence data. Microsoft Azure users who integrate Resecurity into their cybersecurity strategy will benefit from: Around-the-clock security monitoring of your cloud workloads and enterprise ecosystem, In-depth risk evaluation of the entire enterprise ecosystem (Dark Web, Compromised Accounts, Data Leaks, Network Hygiene, Cloud Security, etc.), A scalable software solution that can monitor a digital footprint of any size (Domains, Network Ranges, Cloud-based Nodes), AI-powered threat intelligence that leverages Rescurity's Dark Web intelligence repositories with over 3.4 billion records and cyber intelligence analysts deployed across all continents, Contextualized risk alerts and data-backed suggested actions to enable a proactive security strategy.Just recently Resecurity has been named a gold winner by the 2022 Cybersecurity Excellence Awards in North America. Resecurity's products and services received Gold recognition across 3 categories in highly competitive nominations such as cyber threat intelligence (CTI), threat hunting, and third-party risk management (TPRM). Just recently Resecurity has been named a gold winner by the 2022 Cybersecurity Excellence Awards in North America. Resecurity's products and services received Gold recognition across 3 categories in highly competitive nominations such as cyber threat intelligence (CTI), threat hunting, and third-party risk management (TPRM). About Resecurity Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence. Known for providing best-of-breed data-driven intelligence solutions, Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks. Founded in 2016, it has been globally recognized as one of the world's most innovative cybersecurity companies with the sole mission of enabling organizations to combat cyber threats regardless of how sophisticated they are. Most recently, Resecurity was named as one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California by Inc. Magazine. An Official Member of Infragard, AFCEA, NDIA, SIA and FS-ISAC.

Read More

Spotlight

IBM invited C-level executives from some of IBM Security’s biggest clients to the 2015 IBM Security Summit to explore new ways to think about security in three important areas: technology, policy, and leadership. Ginni Rometty, Chairman, President, and CEO, IBM, kicked off the IBM Security Summit event by discussing security as a board-level issue, and the new way that businesses must think about security.

Resources