SOFTWARE SECURITY

The latest Capcom multinational to be hit by cyber-attack disruption

silicon | November 09, 2020

Occupant Evil and Street Fighter creator Capcom hit by assault that upsets inside frameworks, while scientists state Ragnar Locker ransomware bunch is to be faulted

Japanese game creator Capcom has been hit by a security break that has disturbed its inner frameworks.

Industry watchers said the assault may likewise have prompted the burglary of touchy corporate information, with Capcom apparently having been focused by the Ragnar Locker ransomware gathering.

Capcom creates a portion of the gaming business' most popular titles, including Resident Evil and Street Fighter.

The organization said it got mindful of the assault on Monday, 2 November, when it started encountering disturbance to interior frameworks including email and record workers.

Disruption

“Beginning in the early morning hours of November 2, 2020 some of the Capcom Group networks experienced issues that affected access to certain systems, including email and file servers,” the company said in an official statement.

It said it had confirmed the disruption was due to “unauthorised access carried out by a third party”.
Capcom said it handicapped parts of its organization to stop the assault's advancement.

Toward the week's end the organization said it was proceeding to encounter email and web structure correspondences issues because of the assault's impacts on its workers.

Capcom additionally said it was incidentally unfit to react to archive demands.

The organization said there was no sign "as of now" that client data had been taken, and said internet ongoing interaction was not influenced.

The game creator added that it is doing an examination with law requirement, while taking measures to reestablish its frameworks.

Ragnar Locker

A few security scientists said the assault was crafted by the Ragnar Locker ransomware pack.

In a payment note distributed by Bleeping Computer, the pack professed to have taken 1TB of decoded inward information from workers in Canada, Japan and the US, and said it would delivery or sell the information if Capcom didn't pay a payment.

The payoff note was apparently joined by screen captures of documents including representative end arrangements, Japanese international IDs, bank and temporary worker explanations and Active Directory clients.

The note connected to a 24MB chronicle with additional archives including NDAs, pay bookkeeping pages, corporate interchanges and sovereignty reports.

The information in the report was taken from a ransomware test recouped by analyst Pancak3, who affirmed the contribution of Ragnar Locker by means of Twitter.

As indicated by Pancak3, the pack professes to have encoded 2,000 gadgets on Capcom's organizations and is requesting $11 million (£8.3m) in Bitcoin to unscramble them.

Information robbery

In the payoff note, Ragnar Locker claims it will erase the taken information on installment of a payment. Nonetheless, law implementation specialists prompt associations not to pay such payments as there is no assurance the hoodlums will hold to their promise.

This year Ragnar Locker has completed significant hacks on Portuguese energy monster Energias de Portugal (EDP), requesting a $10.9m payment, and French coordinations organization CMA CGM, which prompted critical disturbance of the organization's activities.

Analysts have noticed an expanding pattern toward joining ransomware assaults with the burglary of delicate corporate records.

In April the DoppelPaymer posse delivered archives taken from contractual workers to SpaceX, Tesla, Boeing, Lockheed-Martin and the US Navy after their objectives wouldn't pay ransoms.

Spotlight

Humans, their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions, are the weakest link in cyber security. This white paper from Thales discusses the potential impact of this, and what organizations can do to mitigate the related risks.


Other News
PLATFORM SECURITY

QuSecure Launches Industry’s First End-to-End Post-Quantum Cybersecurity Solution to Uniquely Address Current and Future Quantum Computing Threats

QuSecure | May 21, 2022

QuSecure™, Inc., an innovator in post-quantum cybersecurity (PQC), today introduced its quantum orchestration platform, QuProtect™, the industry’s first end-to-end PQC software-based solution uniquely designed to protect encrypted communications and data with quantum-resilience using quantum secure channels. With QuProtect, for the first time organizations can leverage quantum resilient technology to help prevent today’s cyberattacks, while future-proofing networks and preparing for post-quantum cyberthreats. Leading experts, including Arthur Herman, senior fellow and director of the Quantum Alliance Initiative at The Hudson Institute, believe that a Cryptographically Relevant Quantum Computer (CRQC), which is a quantum computer that can break current cryptography and will expose the world’s encrypted communications and data, will be available within the next 3-5 years. Additionally, nation-state attackers are currently stealing encrypted data, using a “Steal Now, Decrypt Later” (SNDL) strategy to collect global encrypted data, which will be retroactively decrypted once a CRQC is available. As a result, on May 4, the White House mandated PQC compliance via the National Security Memorandum “Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.” Also, the bipartisan Endless Frontiers Act would establish a Technology and Innovation Directorate at the National Science Foundation which would use $100 billion in federal funds over five years to research emerging technologies including quantum computing, and specifically mentions the need for PQC. Organizations will need to follow suit to protect their data and communications from post-quantum cyberthreats. QuProtect provides quantum-resilient cryptography, anytime, anywhere and on any device. QuProtect uses an end-to-end quantum security as a service (QSaaS) architecture that addresses the digital ecosystem’s most vulnerable aspects, uniquely combining zero-trust, next-generation post-quantum-cryptography, quantum-strength keys, high availability, easy deployment, and active defense into a comprehensive and interoperable cybersecurity suite. The end-to-end approach is designed around the entire data lifecycle as data is stored, communicated, and used. “Quantum technologies have the potential to represent a platform shift, and platform shifts don’t come around that often,” said Laura Thomas, former CIA Chief of Base with more than 17 years in various national security and leadership roles and currently VP of Corporate Strategy at ColdQuanta, a quantum computing and sensing company. “When they do, they bring enormous opportunity coupled with the power for intense disruption, in all arenas, to include national security and economic security. Organizations should be evaluating post-quantum encryption solutions now and mapping out the resources and timelines needed to deploy them on their networks. QuSecure is playing a key role in future-proofing our networks from current classical and future quantum attacks.” QuSecure also today announced its formal company launch. See accompanying company launch press release issued by QuSecure today at QuSecure Company Launch. “Enterprises are charged with providing high levels of data security,” said Skip Sanzeri, QuSecure Founder and COO. “We are facing the largest computer upgrade cycle in history as all public key cryptography globally needs to be upgraded to PQC. Our QuProtect solution provides organizations with a first-mover advantage as the industry accelerates toward a quantum future. QuProtect allows organizations and their clients to maintain the highest level of quantum-resilient security to address cyberthreats with minimal disruption to existing systems.” QuProtect protects any node on the network by using National Institute of Standards and Technology (NIST) approved quantum algorithms to create secure quantum communications channels. Its technology enables backwards compatibility and can translate back and forth from PQC to standard Transport Layer Security (TLS), ensuring interoperability with any network. No other company combines QuSecure’s broad-based quantum and post-quantum technologies providing secure, interoperable cybersecurity to protect organizations’ networks from quantum threats. QuProtect’s unique differentiators include (partial list): Post-quantum open-source, end-to-end data protection on all platforms and networks – QuSecure applies post-quantum protections to all systems and devices – from cloud, to server, to laptop, to edge and IoT – protecting communications and data. QuProtect uses Quantum Random Number Generation (QRNG) to create quantum-resilient cryptographic keys which provide entropy throughout the entire network. Network-wide entropy is important because true quantum randomness protects systems from vulnerabilities and attacks such as pattern detection and cryptanalysis. Easy integration and deployment with zero client-side installations supporting most platforms – QuProtect is designed to be simple to deploy, operate and manage for existing devices and systems. Any existing platform that runs cryptography can be upgraded to PQC through QuProtect’s software-upgrade solutions. QuSecure’s solution enables controlled, phased deployment in highest priority segments first, enabling organizations to audit and/or delay endpoints which don’t need immediate upgrade. QuProtect permits instantaneous re-selection of algorithms enabling crypto agility while NIST finalizes the PQC algorithms to be standardized. Continuous monitoring and attack resilience – QuProtect improves security through continuous anomaly monitoring, machine learning-enabled attack detection, and active remediation. QuProtect is the industry’s most advanced PQC solution providing end-to-end quantum-resilience for many of today’s critical use cases, including satellite, network, and IoT communications. QuProtect can be hosted on-premise or via cloud-based orchestration delivering the most compatible solution to the post-quantum problem. An organization can implement PQC across all devices on the network with minimal disruption to existing systems, protecting against current and future classical and quantum attacks which could irreparably disrupt industries and infrastructures across government and commercial sectors. About QuSecure QuSecure is an innovator in post-quantum cybersecurity with a mission to protect enterprise and government data from quantum and classical cybersecurity threats. Its patent-pending, quantum-safe solutions provide an easy transition path to quantum resiliency across any organization. The company’s QuProtect solution is the industry’s first PQC software-based platform uniquely designed to protect encrypted communications and data with quantum-resilience using a quantum secure channel. QuSecure has current customer deployments in banking/finance, healthcare, space/satellite, IT/data enterprises, datacenters and various Department of Defense agencies. QuSecure is investor backed and has offices in Silicon Valley.

Read More

PLATFORM SECURITY

Cloudflare Completes Acquisition of Area 1 Security

Cloudflare | April 04, 2022

Cloudflare, Inc. , the security, performance, and reliability company helping to build a better Internet, today announced it has completed its acquisition of Area 1 Security. Email is both one of the largest cloud applications for any business, and the biggest security threats that organizations of all sizes face. Yet legacy email security solutions are often expensive, overly complex, and disjointed from an organization’s holistic security strategy. Further, malicious phishing and business email compromise campaigns are incredibly costly—with U.S. businesses losing more than $2.4 billion a year according to data from the FBI’s Internet Crime Complaint Center 2021 Internet Crime Report. With the acquisition of Area 1 Security, Cloudflare will provide organizations an easy way to block phishing, malware, business email compromise and other advanced threats as part of an integrated, Zero Trust approach to securing all of their organizations’ applications. “Cloudflare's mission is to help build a better Internet, and we've invested heavily in building the world's most powerful cloud network to deliver a faster, safer, and more reliable Internet for our users. Now we're officially able to welcome the Area 1 team to Cloudflare and enhance our ability to secure the number one place where security threats come from, email. To us, Zero Trust security without email built in is worth nearly zero. By bringing email security and Zero Trust together with Area 1 Security, we believe that we will give customers the most complete Zero Trust security platform available." Matthew Prince, co-founder & CEO of Cloudflare Area 1 Security’s cloud native platform, which works seamlessly with any email offering, stops phishing and other advanced email attacks by preemptively discovering and eliminating them before they can inflict damage in a corporate environment. By combining Area 1 Security’s highly scalable technology and years of experience in email protection with Cloudflare’s global network, the two companies will provide a holistic Zero Trust solution that customers can enable through Cloudflare’s global network. Area 1 Security’s email security capabilities will be available for purchase for all enterprise plan customers today, and will be available to customers on all other paid plans in the months to come. "Cloudflare delivers one of the world’s leading Zero Trust networks, and we're excited about what we'll be able to build together for our customers and channel partners," said Patrick Sweeney, CEO and President of Area 1 Security. "By joining forces, Area 1’s technology and Cloudflare's global network will give customers the most complete Zero Trust security platform available, inclusive of securing the most critical of today’s business applications – your email." About Cloudflare Cloudflare, Inc. is on a mission to help build a better Internet. Cloudflare’s suite of products protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures 2018 list and ranked among the World’s Most Innovative Companies by Fast Company in 2019. Headquartered in San Francisco, CA, Cloudflare has offices in Austin, TX, Champaign, IL, New York, NY, San Jose, CA, Seattle, WA, Washington, D.C., Toronto, Lisbon, London, Munich, Paris, Beijing, Singapore, Sydney, and Tokyo.

Read More

DATA SECURITY

ITC Secure and Cassava Technologies Announce Joint Venture to Expand Industry Leading Security Operations and Microsoft Cloud Security Expertise

ITC Secure | December 16, 2021

ITC Secure (ITC), a leading advisory-led cyber security services company and a Microsoft Gold cyber security partner, and Cassava Technologies, the pan-African technology leader, announced today that they have entered into a Joint Venture (JV) to build and launch an extensive portfolio of cyber security services, powered by Microsoft Azure cloud technologies in Africa. Hardy Pemhiwa, the CEO of Cassava Technologies said: “Digital transformation in Africa is accelerating the adoption of cloud services which is creating an urgent need to better protect users and business-critical data. Cassava Technologies footprint covering more than 15 countries in Africa, we are well-positioned to meet the growing needs of businesses and individuals and expand access to cybersecurity and other digital services. We look forward to bringing ITC’s world-class cyber expertise, coupled with Microsoft’s industry-leading technology, to build Africa’s digital future.” “The strategic partnership between ITC Secure and Cassava Technologies, as a pan-African technology leader, will bring Microsoft’s cutting-edge cloud security solutions to the African market to drive the growth of the technology sector and innovation across Africa.” Andre Pienaar, the Chairman of ITC Secure Admiral Mike Mullen, the Chairman of ITC Secure USA said: “The combination of ITC Secure and Cassava Technologies will help guide us to the future while addressing the growing needs of individuals and organisations in the African market for a secure digital world, built on the best solutions and delivered by the best experts.” Replicating best practice of a leading UK SOC to build a cutting-edge SOC in Africa ITC’s 24/7 Operations Centre, based in London, is at the forefront of delivering managed security services. As part of the JV, ITC and Cassava Technologies will build a state-of-the-art SOC in Africa. The centre will leverage Cassava Technologies’ in-depth knowledge of the African continent and ITC’s extensive experience in cybersecurity, to enable the rapid delivery of cyber services and operations on the continent. Steering the future ITC’s mission to ‘make the digital world a safer place to do business’ echoes Cassava Technologies’ vision of a digitally connected future that leaves no African behind. This JV addresses the growing need to ensure that individuals and organisations are safe and secure online and will further demonstrate how cyber security can be a business enabler, helping to drive growth and create jobs across Africa. Facilitating knowledge transfer locally The skills gap in the cyber security industry continues, with recruitment and retention an ongoing challenge. The JV will facilitate access to experts globally and close collaboration and knowledge transfer locally. This will enable faster on the ground response, the sharing of cyber security best practice and streamlined sharing of internal resource. Extended portfolio of cyber security services ITC’s integrated delivery model provides access to the best cyber security skills, technology, and governance. Encompassing a unified suite of solutions that start with an advisory-led approach, including Identity and Access Management capabilities and managed security services like Managed Detection and Response. At the heart of ITC’s integrated delivery model is PULSE, an extended detection and response platform powered by Microsoft Sentinel, that integrates specialist knowledge and expertise. ITC is a Microsoft Gold partner in Security and Cloud and a member of the Microsoft Intelligent Security Association. Organisations will gain access to a level of expertise recognised by Microsoft as the “highest, most consistent capability” – underpinned by a cohesive set of services that scale. About ITC Secure ITC Secure is an advisory-led cyber security services company. We have a 25+ year track record of delivering business-critical services to over 300 blue-chip organisations - bringing together the best minds in security, a relentless focus on customer service and advanced technological expertise to help businesses succeed. With our integrated delivery model, proprietary platform and customer-first mindset, we work as an extension of your team throughout your cyber journey and always think not only about you, but also your customers and the reputation of your brand. ITC Secure a certified Great Place to Work® and is headquartered in London, UK. With a dynamic balance of the best in people, technology, and governance, we make cyber resilience your competitive advantage. About Cassava Technologies Cassava Technologies is a pan-African technology leader providing a vertically integrated ecosystem of digital solutions, designed to significantly accelerate connectivity and drive digital transformation across the African continent. Cassava Technologies creates the enabling digital infrastructure with cross-border fibre, renewable energy solutions, and a state-of-the-art network of data centres that provides access for millions to complementary digital services of Wi-Fi, Cloud, cybersecurity and fintech solutions. This ecosystem aims to transform the lives of individuals and businesses across the continent by enabling social mobility and economic prosperity.

Read More

SOFTWARE SECURITY

Criminal IP New Cybersecurity Search Engine launches first beta test

AI Spera | April 12, 2022

AI Spera announced Criminal IP, a new cybersecurity platform, today. Criminal IP is a total Cyber Threat Intelligence (CTI) search engine intended to identify potential vulnerabilities that threatening companies or individuals' IT assets. It also offers a new way to manage them comprehensively by allowing users to find results for malicious IP address, malicious domains, phishing sites, forged certificates, all IT assets, and other security related information immediately. The company has been recruiting beta service testers and plans to operate beta service for three months from April 28. Testers pre-registering for beta service will be given a three-month free license and if testers participate in the service survey, they can receive an additional one-month free license as a reward. Criminal IP visualizes all IT assets connected to the Internet based on IP addresses held by companies and individuals. This allows users to see the details of their assets at a glance, from DB servers, files servers, middleware servers, administrator servers as well malicious sites, and easily spot the assets exposed to the attack surface. The solution also provides all possible information about domains in real time, including network logs, used programming technologies and security-related information, without having to directly access websites. Analyzing this information with AI/Machine learning technology, it shows an overall score of the domain and DGA (Domain Generation Algorithm) score in five stages (Critical, Dangerous, Moderate, Low, Safe) allowing users to determine and respond to threats. Users can prevent security problems in advance by searching for vulnerabilities in IT assets and identifying cyber attackers' attack points for attack surface management purposes through Criminal IP data. In addition, everything that has happened to a particular IP address can be recorded like a criminal record to track malicious behavior of an IP address. "Above all, this platform is the ultimate comprehensive solution that maximizes user's convenience by providing all CTI information distributed by different solutions in one place. In hopes that Criminal IP can be used in a variety of areas to defend against evolving cyber threats, including education and research, corporate security teams, white hackers, state agencies, and cybercrime investigations, we decided to operate free beta services to receive feedback on product improvement." Byungtak Kang, CEO at AI Spera Features and benefits of Criminal IP include: providing a wide range of cyber threat information, including malicious IPs, C&C domains, various domain information, threat intelligence images and CVEs, which map IP& Domain scoring algorithms and various threat information based on big data on 4.2 billion IP addresses and billions of domain addresses worldwide analyzing all possible details about domains including screenshots, domain category, whois information, used technologies, connected IP addresses, page redirections, certificates, network logs, cookies as well as interesting security-oriented features like possible malicious contents and replicated phishing domains with overall score of the domain and DGA (Domain Generation Algorithm) score searching and updating global IP addresses and domains in 24/7 to extract applications and services in use, and provide information on security vulnerabilities of IT assets to enable real-time automatic attack surface management offering straightforward search result based on a wide range of specific search filters so that users can conveniently access the right information they need About AI Spera AI Spera is a fast-growing company in the field of cyber threat intelligence. Based on AI and Machine Learning technology, the company focuses on detection of anomalies and data-oriented security solutions. The company supports as many corporates, security developers and researchers as possible to view the attack surface through the eyes of an attacker and provide various AI-based intelligence security solutions across industries including online games, financial, security and national institutions.

Read More

Spotlight

Humans, their preference to minimise their own inconvenience, their predictability, apathy and general naivety about the potential impacts of their actions, are the weakest link in cyber security. This white paper from Thales discusses the potential impact of this, and what organizations can do to mitigate the related risks.

Resources