Leveraging Threat Intelligence to Tackle Cyberthreats in Times of COVID-19

Microsoft | June 16, 2020

  • Each year Microsoft releases its Security Endpoint Threat Report, which offers critical insights into cyber threat vectors identified by analysing.

  • Developed countries can largely be attributed to the varying levels of technological development and cyber hygiene practices, including the extent of the usage of genuine software across the region.

  • According to the Microsoft Threat Intelligence Protection team, every country in the world has seen at least one COVID-19 themed cyber attack.


In Asia Pacific, we leverage this data to analyze local trends in the ever-evolving threat landscape. The latest report, which covered a 12-month period from January to December 2019, revealed that developing markets in the region were most challenged by ransomware and malware encounters. In contrast, the developed markets struggled with an increased volume of drive-by download attacks. Within the region, the difference between developing and developed countries can largely be attributed to the varying levels of technological development and cyber hygiene practices, including the extent of the usage of genuine software across the region.


According to the Microsoft Threat Intelligence Protection team, every country in the world has seen at least one COVID-19 themed cyber attack, and, of the millions of targeted messages we see each day, roughly 60,000 involve COVID-19 related malicious attachments or malicious URLs, including attackers impersonating established entities like the World Health Organization (WHO) and other health related oragnizations to leverage these organizations’ credibility to trick people into clicking on links in unsolicited emails.



Read more: CYBERATTACKS ON CRITICAL INFRASTRUCTURES WITNESS SHARP RISE DURING THE PANDEMIC

According to the Microsoft Threat Intelligence Protection team, every country in the world has seen at least one COVID-19 themed cyber attack, and, of the millions of targeted messages .

~ Microsoft


In 2020, however, like almost everything else, the global COVID-19 pandemic has upended the playing field, accounting for new risks and trends impacting the volume and nature of the attack vectors. Cybersecurity awareness is particularly crucial at this time, as cyber criminals have taken advantage of the global situation. With business continuity and operational resilience at stake, awareness of key cybersecurity considerations is crucial, as many organizations look at a long-term shift towards work from home.


Security has proven to be the foundation for digital empowerment in a remote workforce. Cloud-based endpoint protection technology enables employees to work when, where, and how they need to work and can allow them to use the devices and apps they find most useful to get their work done. After all, security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences.


As organizations adapt to the new reality and its cybersecurity implications, there is an equally critical, if not higher, need to educate employees so they don’t become the weakest link in the security chain.


Over the past two years, Zero Trust has emerged as a key security philosophy for businesses. COVID-19 has allowed for a real-life demonstration of why it’s important. Companies relying on traditional ideas of securing workers through “walls and moats” at the perimeter (aka firewalls) were both more susceptible to COVID-19 themed threats and were less able to meet the demands of a newly remote workforce.


Zero Trust shifted from an option to a business imperative in the first 10 days of the pandemic. The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey whether they know it or not. Diverse data for better threat intelligence – A blend of automated tools and human based insights are needed to identify new COVID-19 themed threats. With adversaries adding new pandemic themed lures to their phishing attacks, organizations need to bolster their security foundation with strong threat intelligence, which is derived from analyzing a diverse set of products, services and feeds from around the globe.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

In this video, the Microsoft Cyber Defense Operations Center shares some best practices for protecting your information and privacy against cyberattacks and online threats, such as classifying information and then putting appropriate protections in place based on its value. Some information is meant to be public, some data is sensitive but not highly valued to outside entities, but some data is mission critical and/or could cause tremendous financial hardship if shared externally. This video shares some of the policies and practices that can be used to better protect information and data inside and outside of your operational perimeters.


Other News
DATA SECURITY, ENTERPRISE IDENTITY, SOFTWARE SECURITY

SynSaber Adds New Dynamic Pipeline to OT Cybersecurity Platform

SynSaber | October 21, 2022

SynSaber, an early-stage ICS/OT cybersecurity and asset monitoring company, today announced the addition of a new Dynamic Pipeline feature to the company's platform, providing customers with improved scalability and flexibility. Building upon the product launched in February 2022, this update includes a comprehensive set of features and capabilities to collect, analyze, and curate data at the OT edge. SynSaber was purpose-built to bring edge visibility to industrial networks (oil and gas, water and electric utilities, advanced manufacturing) so that organizations can deploy and scale rapidly, integrate with current technology, and detect threats to protect business-critical assets. "SynSaber partners with some of the most important critical infrastructure operators in the nation to protect and provide visibility into how ICS/OT assets are exposed to potential cyber attacks. "With our latest update to the platform, customers are now able to extend visibility and flexibility throughout the organization for cybersecurity to act as a business continuity vehicle and empower operators and asset owners to prevent any operational disruption." Jori VanAntwerp, Co-Founder/CEO of SynSaber Dynamic Pipeline 's Key Benefits: Users can modify data sources, processors, and destinations in real-time, enabling dynamic configuration changes without interruption to visibility. Pipeline configuration can be modified and deployed within SynSaber's visual-based interface. The ability to dynamically configure Saber sensors from a visual-based interface allows for greater control and ease of access. In addition to the improved scalability and flexibility the dynamic pipeline provides, the v1.1.0 update includes enhancements to some of the existing features from SynSaber version v1.0.0. These feature improvements include: Custom flow module enables near real-time processing and analysis of data and asset identification. Improved Syslog support allows fast and efficient communication with existing infrastructure and technologies. About SynSaber SynSaber is the simple, flexible, and scalable industrial asset and network monitoring solution that provides continuous insight into the status, vulnerabilities, and threats across every point in the industrial ecosystem, empowering operators to observe, detect and defend OT/IT systems and protect critical infrastructure. SynSaber is privately held with funding from SYN Ventures, Rally Ventures, and Cyber Mentor Fund.

Read More

DATA SECURITY, NETWORK THREAT DETECTION, PLATFORM SECURITY

IronYun® Announces Integration with Genetec™ Security Center Designed For Comprehensive Visual Intelligence

IronYun | November 01, 2022

IronYun Inc., a leader in AI vision for security, safety and operational applications, today announced the integration of the award winning Vaidio AI Vision Platform with Genetec™ Security Center. Genetec customers can now add advanced, accurate, and field-proven AI video analytics to their existing infrastructure, to improve security, safety, and operational efficiency. "Integrating Vaidio with Security Center makes it easy to add advanced artificial intelligence to existing infrastructure to increase functionality and make security operations even more effective and efficient." Paul Sun, IronYun CEO With the ability to analyze video from Security Center and to seamlessly feed alerts and notifications into the Security Center interface, the Vaidio AI Vision Platform continues to build on an award-winning foundation. Vaidio won the 2020 New Product Showcase for Commercial Monitoring and received two New Product Showcase Awards in 2021 for Mobile Applications and Video Analytics. Also in 2021, IronYun partnered with DP World and Verizon to study Vaidio AI Vision in port and warehouse safety and operational applications. In addition, IronYun was recognized as a Major Player in IDC's Worldwide Video Analytics MarketScape as "a good decision for enterprises that have extensive video surveillance capabilities and want to upgrade to advanced analytics that incorporate the latest technology." The Vaidio AI Vision Platform is an open software platform that can be deployed on-prem on servers, on edge devices, and/or in the cloud. Vaidio orchestrates multiple next-generation AI video analytics engines to provide such functions as video search, intrusion detection, license plate recognition, face search and recognition, people and vehicle counting, vehicle make and model recognition, social health analytics, and many others. Vaidio works with any IP camera and integrates out of the box with Genetec Security Center. Vaidio AI monitors real-time video streams with superhuman accuracy, and accelerates forensic video search of stored video. The platform offers the flexibility to purchase only needed analytics, with the option to run multiple analytics on a single camera, and to add more analytic functionality over time. Vaidio's optimized, next-generation AI vision algorithms maximize hardware resource efficiency, to effectively lower overall solution costs relative to competitive alternatives. The latest Vaidio releases add new AI-enabled safety detection, privacy blurring and associated data and user management features, a fully featured parking management application, (the first 3rd party application developed on the Vaidio platform), Vaidio Data, a robust business intelligence engine, and Vaidio Command Center, for centralized management of complex, distributed, large scale environments. About Vaidio The Vaidio AI Vision Platform offers 30 AI -enabled next-generation video analytics functions for security, safety, access control and operational applications. Vaidio is an open platform that works with any IP camera, scales from 1 to 1,000s of cameras, and integrates with market leading VMSs for real-time, forensic and holistic situational awareness. The Vaidio Platform is differentiated by higher accuracy and greater resource efficiency across a vast array of advanced AI-enabled video analytics. Relative to competitive alternatives, Vaidio can reduce hardware requirements up to 80%, and false alerts up to 99.995% -- reducing both up front and long-term operating costs. About IronYun IronYun has evolved the artificial intelligence at the core of the Vaidio Platform to create a resource-efficient, open platform that is field-proven to maximize accuracy and performance across the industry's broadest array of analytics functions. We are NDAA approved, headquartered in Stamford, CT, and our Vaidio Platform is deployed across tens of thousands of cameras for government, healthcare, education, retail, transit and enterprise customers worldwide.

Read More

DATA SECURITY, PLATFORM SECURITY, SECURITY AUDIT AND COMPLIANCE

CrowdStrike and EY Expand Global Alliance to Deliver Cloud Security and Observability Services

CrowdStrike | October 27, 2022

CrowdStri, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, and Ernst & Young LLP (EY US), a leading organization in cyber risk consulting services, today announced an expanded relationship to deliver Cloud Security and Observability services globally, powered by the CrowdStrike Falcon platform. This collaboration expands on existing services previously announced including: Ransomware Readiness and Resilience; Incident Response (IR), Recovery and Remediation; Identity Assessment; and Zero Trust capabilities. “The CrowdStrike-EY Alliance combines CrowdStrike’s leading cloud security and observability solutions with the transformational consulting capabilities and services provided by EY,” said Michael Rogers, vice president of global alliances at CrowdStrike. “Our expanded alliance now provides joint customers the ability to secure their cloud workloads with CrowdStrike Cloud Security, as well as ingest their log and event data at scale with CrowdStrike Falcon LogScale, providing real-time visibility to better understand and assess issues in their infrastructure environments.” “Cloud security and observability continue to be key priorities for our clients. Our expanded alliance with CrowdStrike is critical in helping organizations address new and emerging threats,” said Dave Burg, EY Americas Cybersecurity Leader. “As a result of this relationship expansion, EY will implement CrowdStrike Cloud Security and CrowdStrike Falcon LogScale to help clients confidently secure their cloud workloads and operationalize the data they are generating for increased visibility.” Cloud Security The EY Cloud Security service offering leverages CrowdStrike Cloud Security, a CNAPP solution with agent-based and agentless protection, with EY’s cybersecurity professionals to accelerate the journey of clients through alignment and implementation of appropriate controls as part of the shared responsibility model. This enables DevOps and infrastructure runtime scanning teams to: Securely move to the cloud: Build a secure and compliant path to production by assessing, architecting, implementing and optimizing key cloud security controls, whether hybrid or multi-cloud. Secure business-critical workloads: Reduce the overhead, friction and complexity associated with protecting cloud workloads, containers and serverless environments, and transform the lengthy risk and audit processes into automated and continuous ones. Shift left securely: Automate the secure development of cloud-native applications, delivering full-stack protection and compliance for containers, Kubernetes and hosts across the container lifecycle. Observability The EY NextGen SOC service offering utilizes CrowdStrike Falcon LogScale, a modern log management solution, with EY’s SOC transformation practice to help clients – such as Mondelēz International – transform and optimize their cyber risk management operations practices by assessing, designing, building, improving, operating and automating their security operations and cyber defense capabilities. This enables DevOps, SecOps and IT Ops teams to: Decrease mean time to detection (MTTD): Evaluate all security use cases with EY’s SOC Transformation services and optimize them with Falcon LogScale, which provides real-time streaming, searching and alerting. Reduce complexity and increase visibility: Spend less time managing and maintaining disparate environments and more time triaging incidents with Falcon LogScale, which centralizes all logs in a single dashboard and reduces the time spent filtering data. EY can guide clients in maximizing their most important resource – people. Lower total cost of ownership (TCO): Remove the limitations present in traditional logging solutions by leveraging Falcon LogScale’s index-free architecture, which provides seamless data ingestion, reduced infrastructure costs and lower operational costs. EY can help clients to reduce their TCO and drive relevant business insights by assisting in their identification and prioritization of their capital and operational investments. “EY and CrowdStrike Falcon LogScale have enabled a global, multi-functional log management solution for our growing IT, security and compliance requirements,” said Kostas Georgakopoulos, CTO & CISO at Mondelēz International. The Cloud Security and Observability services are generally available for customers. About CrowdStrike CrowdStrike, a global cybersecurity leader, has redefined modern security with one of the world’s most advanced cloud-native platforms for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data. Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Read More

DATA SECURITY, NETWORK THREAT DETECTION, PLATFORM SECURITY

OpenText Teams with NetScaler to Deliver Advanced Web Application Protection

OpenText | October 13, 2022

OpenText™ , today announced the integration of its BrightCloud Threat Intelligence with NetScaler Application Delivery Controller (ADC). The move will provide NetScaler customers with contextual insights and automatically protect against malicious IP addresses to improve their resilience in managing the latest security threats. NetScaler ADC and WAF protect customers from known and zero-day application attacks with a comprehensive security solution for web applications and Application Programming Interfaces (APIs) both on-premises and in the cloud. With the BrightCloud IP Reputation Service as its threat intelligence source, NetScaler can efficiently inspect client requests for attack traffic by filtering against known malicious IP addresses. NetScaler's research shows that BrightCloud IP Reputation Service offers the most comprehensive database of known problematic IP addresses. In fact, BrightCloud Threat Intelligence is used within nearly 85 percent of security solutions purchased by enterprises. "While filtering requests with malicious IP addresses is an effective method to protect applications from attacks, it can be a huge lift and increase inspection overhead. NetScaler came to us for a solution to this challenge that would save their customers time and be easy to operate and reliable. "Our BrightCloud IP Reputation Service easily integrates with any NetScaler ADC function, so that customers always have the most up-to-date threat intelligence at their fingertips. We are thrilled to partner with NetScaler to help improve the security posture of its customer base." Ted Harrison, EVP, Worldwide Enterprise Sales, OpenText Security Solutions With attack sources changing constantly, near real-time updates provided by BrightCloud are critical to safeguard NetScaler customers. Using BrightCloud IP Reputation Service, NetScaler can block application access to from IP addresses that are known, based on BrightCloud data, to be infected. In addition, BrightCloud's contextual mapping across different vectors such as file, domain, and malware data, continuously updates the IP reputation score and highlights typically less obvious connections to potential threat actors. IP reputation scores are updated every five minutes ensuring NetScaler customers have the most up-to-date protection. Citrix is a pioneer and leader in securing applications and delivering information to users wherever they are. Jason Poole, Director of Product Marketing, Application Security, said of the partnership, "In teaming with BrightCloud, we can provide our customers with an added layer of real-time protection and granular controls that protect against the new threats opened by flexible work models and ensure their devices, data, employees and customers remain safe." About OpenText Security Solutions As attack surfaces expand, OpenText Security Solutions help organizations of every size achieve cyber resilience with Webroot Security, Carbonite Data Management, BrightCloud® Threat Intelligence, and EnCase Digital Forensics and Threat Response. With a united front of best practices paired with layered solutions, we prevent, detect, and restore small, mid-sized and enterprise business operations in the event of a cybersecurity attack. About OpenText OpenText, The Information Company™, enables organizations to gain insight through market leading information management solutions, powered by OpenText Cloud Editions.

Read More

Spotlight

In this video, the Microsoft Cyber Defense Operations Center shares some best practices for protecting your information and privacy against cyberattacks and online threats, such as classifying information and then putting appropriate protections in place based on its value. Some information is meant to be public, some data is sensitive but not highly valued to outside entities, but some data is mission critical and/or could cause tremendous financial hardship if shared externally. This video shares some of the policies and practices that can be used to better protect information and data inside and outside of your operational perimeters.

Resources