Leveraging Threat Intelligence to Tackle Cyberthreats in Times of COVID-19

Microsoft | June 16, 2020

  • Each year Microsoft releases its Security Endpoint Threat Report, which offers critical insights into cyber threat vectors identified by analysing.

  • Developed countries can largely be attributed to the varying levels of technological development and cyber hygiene practices, including the extent of the usage of genuine software across the region.

  • According to the Microsoft Threat Intelligence Protection team, every country in the world has seen at least one COVID-19 themed cyber attack.


In Asia Pacific, we leverage this data to analyze local trends in the ever-evolving threat landscape. The latest report, which covered a 12-month period from January to December 2019, revealed that developing markets in the region were most challenged by ransomware and malware encounters. In contrast, the developed markets struggled with an increased volume of drive-by download attacks. Within the region, the difference between developing and developed countries can largely be attributed to the varying levels of technological development and cyber hygiene practices, including the extent of the usage of genuine software across the region.


According to the Microsoft Threat Intelligence Protection team, every country in the world has seen at least one COVID-19 themed cyber attack, and, of the millions of targeted messages we see each day, roughly 60,000 involve COVID-19 related malicious attachments or malicious URLs, including attackers impersonating established entities like the World Health Organization (WHO) and other health related oragnizations to leverage these organizations’ credibility to trick people into clicking on links in unsolicited emails.



Read more: CYBERATTACKS ON CRITICAL INFRASTRUCTURES WITNESS SHARP RISE DURING THE PANDEMIC

According to the Microsoft Threat Intelligence Protection team, every country in the world has seen at least one COVID-19 themed cyber attack, and, of the millions of targeted messages .

~ Microsoft


In 2020, however, like almost everything else, the global COVID-19 pandemic has upended the playing field, accounting for new risks and trends impacting the volume and nature of the attack vectors. Cybersecurity awareness is particularly crucial at this time, as cyber criminals have taken advantage of the global situation. With business continuity and operational resilience at stake, awareness of key cybersecurity considerations is crucial, as many organizations look at a long-term shift towards work from home.


Security has proven to be the foundation for digital empowerment in a remote workforce. Cloud-based endpoint protection technology enables employees to work when, where, and how they need to work and can allow them to use the devices and apps they find most useful to get their work done. After all, security technology is fundamentally about improving productivity and collaboration through inclusive end-user experiences.


As organizations adapt to the new reality and its cybersecurity implications, there is an equally critical, if not higher, need to educate employees so they don’t become the weakest link in the security chain.


Over the past two years, Zero Trust has emerged as a key security philosophy for businesses. COVID-19 has allowed for a real-life demonstration of why it’s important. Companies relying on traditional ideas of securing workers through “walls and moats” at the perimeter (aka firewalls) were both more susceptible to COVID-19 themed threats and were less able to meet the demands of a newly remote workforce.


Zero Trust shifted from an option to a business imperative in the first 10 days of the pandemic. The Zero Trust architecture will eventually become the industry standard, which means everyone is on a Zero Trust journey whether they know it or not. Diverse data for better threat intelligence – A blend of automated tools and human based insights are needed to identify new COVID-19 themed threats. With adversaries adding new pandemic themed lures to their phishing attacks, organizations need to bolster their security foundation with strong threat intelligence, which is derived from analyzing a diverse set of products, services and feeds from around the globe.


Read more: GOOGLE TOP CHOICE FOR CYBERCRIMINALS FOR BRAND-IMPERSONATION SPEAR-PHISHING CAMPAIGNS

Spotlight

"For many organizations, a “disaster” usually means something that impacts the data center from the outside, such as the wrath of a storm or of a violent terrorist act. While newsworthy events should inspire reflection on the state of our preparations, disaster recovery assessment shouldn’t be limited to the consequences of a hurricane, earthquake or similar catastrophe. Lower profile but nevertheless important events– from software bugs to hardware failures – that may be every bit as consequential as fire or flood, need to be considered as well. From a business perspective, a disaster isn’t just what makes the news, but anything that makes the ordinary conduct of business difficult or even impossible. If an event, at any scale, can interrupt our operations, it poses a threat we cannot ignore. Whatever is at stake, be it the loss of revenues, reputation and customers – or even, for the security forces and medical professionals who serve and protect, the potential loss
of lives – any unexpected IT interruption represents a potential disaster which we must either be prepared to avoid or from which we must be prepared to recover.
This Disaster Recovery Planning Guide offers a business perspective on what is often mistakenly considered a technological issue. As you’ll see in subsequent pages, the most crucial considerations are determined more by business needs than IT requirements. In fact, the most important disaster recovery decisions are not about technology, per se, but are about the business demands that drive technology choices."


Other News
SOFTWARE SECURITY

Contrast Security Introduces Cloud-Native Automation

Contrast Security | April 23, 2022

Contrast Security , the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies. Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers. "Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale. These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone." Sanjay Ramnath, Vice President of Product Management at Contrast Security Contrast enables Red Hat OpenShift users to benefit from the following capabilities: Source-to-Image Deployment: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production. CI/CD Jenkins Pipelines: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast. OpenShift Pipelines via Tekton: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment. The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

DATA SECURITY

IT-Harvest Launches the Analyst Dashboard for Cybersecurity

IT-Harvest | March 31, 2022

IT-Harvest, a data-driven industry analyst firm, announces the launch of an SaaS application for tracking and analyzing the entire cybersecurity industry. Some data will be published for free at dashboard.it-harvest.com. Subscribers will receive access to all the data assembled over a decade by IT-Harvest, including category, subcategory, headcount each quarter, investments, and key executives. Using the data on each of the 2,850 vendors worldwide, it is possible to compare countries, states, and regions. For instance, there are 1,567 cybersecurity vendors in the United States, 357 in the EU, and 236 headquartered in Israel. California is currently home to 560 cybersecurity companies. "The launch of this app is the realization of a 17-year journey to create an analyst firm that could offer more than opinions and reports. Subscribers get access to all the data we use in our research and reports. They can do their own analysis to test an investment thesis, find targets for acquisition, or create a short-list of vendors for a particular technology they are looking to acquire." Richard Stiennon, Chief Research Analyst at IT-Harvest In addition to the data, subscribers are purchasing a seat for advisory services, much like with a traditional analyst firm. IT-Harvest analysts are available for inquiries on markets, technology, and vendors as part of the annual subscription. The data available in the Analyst Dashboard is printed every year in the Directory in Security Yearbook available at www.it-harvest.com/shop. IT-Harvest tracks headcount at all cybersecurity vendors to identify fast growing companies and segments. That data is updated quarterly in the Analyst Dashboard and presented in a Leaderboard sorted by growth over the past quarter and calendar year. Subscribers can add any number of vendors to a watchlist and get email alerts when data on a company is updated. This could include new funding, a change in the executive team, inclusion in a research report, or an acquisition.

Read More

PLATFORM SECURITY

Contrast Security Achieves AWS DevSecOps Competency Status

Contrast Security | May 13, 2022

Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, announced today that it has achieved Amazon Web Services (AWS) DevOps Competency for development, security, and operations (DevSecOps) garnered by demonstrating technical proficiency and proven customer success specializing in DevSecOps. Contrast was selected as one of the official launch partners of the DevSecOps Competency by AWS, which is an extension of the DevOps category. Achieving the AWS DevOps Competency for DevSecOps differentiates Contrast Security as an AWS Partner with deep domain expertise in delivering software products that integrate security across every stage of the development and delivery cycles, including pre-, during, and post-deployment. Contrast Security is part of a small group of innovative security technologies to achieve the AWS DevSecOps Competency in its inaugural year. "We're honored to achieve AWS DevSecOps Competency status on top of the DevOps Competency status that we received last year. It is a true testament to our efforts in helping large enterprises ensure security and compliance across the entire lifecycle of their web applications and APIs running on AWS. We're looking forward to expanding our AWS capabilities so that organizations garner continuous visibility and centralized point-of-control for software risk through a single platform." Surag Patel, Chief Strategy Officer at Contrast Security By using instrumentation technology, Contrast Security is embedding self-assessment and self-protection capabilities directly into AWS applications during run-time. This enables DevSecOps teams to detect accurate code-level vulnerabilities (both custom code and open source libraries) in development and quality assurance (QA) environments, and monitor and block production applications from threats and attacks in real-time. Envestnet | Yodlee, the leading data aggregation and data analytics platform, helps consumers live better financial lives through innovative products and services created for more than 1,400 financial institutions and financial technology (FinTech) companies. The company revolutionizes financial services with its intelligent APIs, innovative applications, and advanced analytics products. With the help of Contrast Security and AWS, the company was able to seamlessly integrate new applications and accelerate its time-to-market. The AWS offerings have helped Envestnet | Yodlee launch products to market quickly and effectively. By implementing Contrast as part of their DevSecOps initiatives, Envestnet | Yodlee further secured its financial software solutions and by adopting a DevSecOps methodology, security and development teams are jointly responsible for bolstering security by essentially bringing development and operations together. "Envestnet | Yodlee requires an application security framework that is repeatable, scalable, and can find and remediate vulnerabilities by using the best software security solutions," said Saran Makam, Director of Application Security at Envestnet | Yodlee. "My team chose Contrast Security because their solution was well received by our development and security teams and because it works continuously and in real-time." About Contrast Security Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Read More

DATA SECURITY

HUB Security Announces Ultimate Docker Lifecycle Management Platform

HUB Security | December 17, 2021

HUB Security, a secure computing solutions provider, announced today its Docker Digital Twin product to better protect, authenticate, and verify traffic created by Docker, a highly used platform for package containment. The HUB Security Docker Digital Twin enforces access control and provides governance processes, such as approvals for sensitive actions, on incoming Docker traffic. It blocks attack vectors involving the loss or theft of credentials, vulnerabilities, and unauthorized access. Docker creates virtual containers (called packages) that allow applications and their dependencies to run seamlessly on any operating system. It is used by some 55% of professional developers daily and is the leading solution for cloud-based SaaS platforms. It is also ubiquitous in large enterprises, financial institutions, and public clouds, as well as defense equipment, servers, and data centers. Docker packages, because of their extensive use, are often the target of cyber security threats from hackers. "We want to create a seamless experience for our customers when it comes to security,Our new system enables multi-layered security processes for the entire compute stack with Docker being part of it. The solution is also future proof, meaning clients can rest assured for years that their systems are safe and secured." Andrey Iaremenko, HUB Security's CTO The Docker Digital Twin solution will be incorporated into existing HUB Security technology without changing existing operational controls and services. The product's complete remote update capabilities will provide full support for any and all Docker versions and security capabilities. About HUB Security HUB Security was established in 2017 by veterans of the 8200 and 81 elite intelligence units of the Israeli Defense Forces. The company specializes in unique Cyber Security solutions protecting sensitive commercial and government information. The company debuted an advanced encrypted computing solution aimed at preventing hostile intrusions at the hardware level while introducing a novel set of data theft prevention solutions. HUB operates in over 30 countries and provides innovative cybersecurity computing appliances as well as a wide range of cybersecurity professional services worldwide.

Read More

Spotlight

"For many organizations, a “disaster” usually means something that impacts the data center from the outside, such as the wrath of a storm or of a violent terrorist act. While newsworthy events should inspire reflection on the state of our preparations, disaster recovery assessment shouldn’t be limited to the consequences of a hurricane, earthquake or similar catastrophe. Lower profile but nevertheless important events– from software bugs to hardware failures – that may be every bit as consequential as fire or flood, need to be considered as well. From a business perspective, a disaster isn’t just what makes the news, but anything that makes the ordinary conduct of business difficult or even impossible. If an event, at any scale, can interrupt our operations, it poses a threat we cannot ignore. Whatever is at stake, be it the loss of revenues, reputation and customers – or even, for the security forces and medical professionals who serve and protect, the potential loss
of lives – any unexpected IT interruption represents a potential disaster which we must either be prepared to avoid or from which we must be prepared to recover.
This Disaster Recovery Planning Guide offers a business perspective on what is often mistakenly considered a technological issue. As you’ll see in subsequent pages, the most crucial considerations are determined more by business needs than IT requirements. In fact, the most important disaster recovery decisions are not about technology, per se, but are about the business demands that drive technology choices."

Resources