STE WILLIAMS

ADT Teams Up with SonicWall for SMB Security Services

More than half of all SMBs plan to rely on third-party providers for their security tools and services, according to IDC.

SonicWall and ADT Cybersecurity, the managed services arm of ADT, best known for delivering physical security monitoring, today announced a partnership to offer cybersecurity services for small-to-midsized businesses.

Security service offerings for SMBs have been on the rise in the past year or two as these organizations increasingly have suffered cyberattacks. 

Bill Conner, president and CEO of SonicWall, says the partnership between the companies stemmed from an acquisition ADT made last year of Secure Designs, Inc. (SDI), one of the MSSPs through which SonicWall sold its SMB security products. According to Conner, ADT will concentrate on sales and security monitoring, and SonicWall will provide its layered security offerings, including network security via SonicWall TZ series firewalls, secure email from SonicWall Hosted Email Security, and encrypted traffic protection via SonicWall SPI-SSL technology.

SonicWall will also provide its patent-pending Real-Time Deep Memory Inspection (RTDMI) technology, designed to deliver more protection than traditional sandboxing. “What’s happened is that with large corporations doing a better job on security, the bad threat actors are moving to SMBs,” Conner says. “The idea behind this partnership is to give the same kind of protection that large corporations get from MSSPs at a price that SMBs can afford.”

Martha Vazquez, a senior research analyst at IDC, says SMBs have become the sweet spot for the industry to address.

“More than 50% of these businesses plan to outsource their security functions to a third party such as an MSSP,” Vazquez says. “These organizations are becoming more aware than ever of the security challenges as they become more reliant on the Internet and face ongoing advanced security threats.”

Vazquez says while it’s too soon to call the ADT Cybersecurity/SonicWall partnership a trend, she believes that cable companies and other service providers will form partnerships with security vendors – and it’s possible that other home security companies will look at the IT security space as well.

Meanwhile, SonicWall’s 2019 Cyber Threat Report found nearly 75,000 “never-before-seen” threats in 2018 alone. In an analysis of data from more than 200,000 malicious events and malware samples, SonicWall found:

  • 10.52 billion malware attacks were blocked in 2018
  • 217.5% increase in IoT attacks
  • More than 2.8 million encrypted malware attacks were blocked in 2018, a 27% year-over-year increase from 2017
  • 11% year-over-year increase in ransomware attacks
  • 56% increase in Web app attacks
  • 3.9 trillion intrusion attempts

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Article source: https://www.darkreading.com/perimeter/adt-teams-up-with-sonicwall-for-smb-security-services/d/d-id/1334901?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Senior Executives More Involved with SOC Operations, Report Finds

But they are still subject to the same alert fatigue and false-positive issues their junior employees face.

Front-line analysts in security operations centers (SOCs) are doing less while C-level executives are doing more, according to a new report. And even senior executives are subject to the same alert fatigue and false-positive issues as their junior employees.

The Exabeam annual “State of the SOC” report is based on surveys with 150 IT executives in the US and UK, carried out by Cicero Group. The surveys found 86% of CIOs and CISOs are now involved in incident response, up from 65% in last year’s report. And 67% of CIOs and CISOs are taking part in threat-hunting activities, up from 51% a year ago.

While fewer than half of the SOC analysts are using automation in their work (48%), 34% want to invest in more automation to save time in responding to incidents. It’s likely that they would also see this as a way to make the most of human resources, since roughly one-third of executives say their SOC is understaffed by 6–10 employees.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/analytics/senior-executives-more-involved-with-soc-operations-report-finds/d/d-id/1334902?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Feds Make New Arrest in Darkode Case

Another American was arrested and charged alongside three international suspects who remain at large, according to a newly unsealed indictment.

Almost four years since an FBI sting infiltrated and dismantled the infamous Darkode cybercrime forum, the US Department of Justice (DOJ) has revealed a new arrest and more charges against four conspirators, including those against three international suspects who remain fugitives.

The suspects are being charged with racketeering conspiracy for allegedly developing and distributing malware through the Darkode forum, a black market bazaar for peddling malware, stolen identities, botnets, and vulnerability information, that was the centerpiece of the Dark Web in its heyday.

When the FBI shut down the invitation-only forum in 2015, Darkode had been extant for the better part of eight years, with between 250 and 300 active members participating.

“Darkode was a criminal organization centered around an online, password-protected criminal forum where high-level international hackers and other cybercriminals convened,” the DOJ said in a statement this week on the latest arrest. 

The federal officials reported this week that they brought new charges against an American, a Slovenian, a Serbian, and a Spaniard in an indictment on December 4, 2018. A few days later they arrested the American, Thomas McCormick, aka fubar, on December 4, 2018 at the FBI’s Washington Field Office in Washington, D.C. Meanwhile, the following three suspects remain at large:

  • Matjaz Skorjanc, aka iserdo or serdo, of Maribor, Slovenia, who was widely known as the ringleader of Darkode;
  • Florencio Carro Ruiz, aka NeTK or Netkairo, of Vizcaya, Spain; and
  • Mentor Leniqi, aka Iceman, of Gurisnica, Slovenia.

US Attorney Jessie K. Liu alleges in the charging documents that the men were responsible for racketeering conspiracy and conspiracy to commit bank, wire, and access device fraud, identity theft, hacking, and extortion. The maximum penalty for racketeering conspiracy to commit bank fraud is 20 years in jail, while the maximum for conspiracy to commit wire fraud and bank fraud is 30 years.

The action announced this week is cleanup after a years-long effort to address what one U.S. Attorney called “one of the gravest threats to the integrity of data on computers in the United States and around the world.”

The forum was the origination point of a number of devastating attacks and attack tools of the time, including the Android-targeting Dendroid malware, which was eventually found to be the partial brainchild of a former intern at security vendor FireEye.

The original takedown of Darkode was the result of Operation Shrouded Horizon, an international cooperation between the FBI and law enforcement from 19 nations that led to the previous charges, arrests, and searches of 70 members of the forum.

According to reporting from Forbes earlier this spring, a new iteration of Darkode is now back online, though it’s no longer an exclusive Dark Web affair. The site is now on the regular Internet, and boasts over 12,000 members exchanging information and selling wares at prices between $200 and $1,000, utilizing Bitcoin to avoid being tracked.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

Article source: https://www.darkreading.com/threat-intelligence/feds-make-new-arrest-in-darkode-case/d/d-id/1334904?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cisco Buys Sentryo

Cisco is adding the French company’s network visibility products to its IoT network lineup.

Cisco has announced its intention to purchase Sentryo, a French company focused on device visibility and security for industrial control system (ICS) networks. According to Cisco, the addition of Sentryo’s products and technologies will allow it to provide deeper visibility into Internet of Things (IoT) devices for security and performance purposes.

Liz Centoni, senior vice president and general manager of Cisco IoT, says that Cisco’s 65,000+ IoT customers are in different stages of deployment, but most share a need to understand precisely what is attached to their IoT network (or operational technology — OT — network, in the industrial control sphere), so that they can take the next step into proper segmentation for security.

“While we have many success stories, the big thing that’s a roadblock is security,” Centoni says. “We have the right tools in terms of segmentation in what we call the ‘non-carpeted space,’ but the biggest problem is visibility,” she explains. “In the enterprise we’ve solved a lot of that, but customers say they may not know 30% to 40% of the assets on the IoT.”

Part of the difficulty in seeing those assets, says Joe Malenfant, director of marketing for Cisco IoT, is the sheer variety in the ways that the devices talk to one another. “The reason IT can’t solve [the visibility problem] is that we don’t talk the protocols. There are more than 3,500 different, sometimes proprietary protocols,” Malenfant says, and Sentryo understands those protocols so that customers can identify the device and protocol.

Sentryo’s products are focused on industrial control systems rather than the IoT of wearable technology and smart assistants. Centoni says that, over time, Cisco plans to integrate Sentryo’s products with Cisco DNA Center and Identity Services Engine (ISE) to allow more control and segmentation, along with greater integration of OT system control into traditional IT operations.

The importance of protecting IoT networks when they are more tightly integrated into the enterprise network was highlighted by a US-CERT Alert showing critical updates to products in Cisco’s IoT and enterprise network lines, updates intended to close down vulnerabilities that could allow attackers to gain entry to the network at the IoT endpoint and leverage that entry into an enterprise network attack.

Asked about a timeline for the integration of Sentryo products into Cisco, Centoni says it’s too early to set a precise schedule for bringing the systems together. According to Cisco, the acquisition is expected to close before the end of Cisco’s first-quarter fiscal year 2020 (October 26, 2019) pending all customary closing conditions and regulatory approvals in the US and France.

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …

Article source: https://www.darkreading.com/iot/cisco-buys-sentryo/d/d-id/1334905?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Inside the Criminal Businesses Built to Target Enterprises

Researchers witness an increase in buying and selling targeted hacking services, custom malware, and corporate network access on the Dark Web.

The Dark Web, long known as a hotbed for buying and selling stolen credit cards, fake passports, drugs, weapons, and other contraband, is a growing market for cybercriminals seeking to target organizations with custom malware, access networks, and disrupt operations.

Dr. Mike McGuire, senior lecturer in criminology at the University of Surrey, has written a series of reports detailing investigations into the darkest corners of the Web. The pool of research, sponsored by Bromium, is broadly titled “Into the Web of Profit.” Its latest installment, “Behind the Dark Net Black Mirror: Threats Against the Enterprise,” digs into business-focused activity.

The idea behind “Into the Web of Profit” was to research the myriad ways cybercrime is changing and the different ways cybercriminals make money on the Dark Web, which generates $1.5 trillion each year. McGuire admits he didn’t intend to focus on businesses when he started.

“It wasn’t initially the idea to look directly at the enterprise here,” he explains. “But as I started to dig into the data, I realized just how central the enterprise was to this whole process.”

McGuire’s report examines how “platform criminality” – a form of cybercrime resembling platform-based business models similar to Amazon’s and Uber’s – is informing a new wave of cybercrime targeting enterprise victims, with data as its top commodity. In the report, Bromium CEO Gregory Webb calls this infrastructure a “candy store” for those hoping to steal intellectual property, trade in corporate secrets, interfere with operations, and spy on their targets.

“What they’re after is increasingly less old-fashioned cybercrime,” McGuire says. “What they want is operational information, they want revenues as well … it’s almost like a second level of the market.” The enterprise is being mined in different ways, he notes. It’s all corporate data, but different forms of corporate data have different price tags when sold on the Dark Web.

Risky Business

Compared with 2016, researchers found a 20% rise in the number of Dark Web listings that could potentially harm the enterprise: more targeted malware-for-sale, enterprise-specific DDoS services, corporate information for sale, and brand-spoofing phishing tools.

Sixty percent of listings (drugs excluded) represent opportunities for direct, immediate harm to enterprises, such as network compromises, suspension of online services, and financial loss. Another 15% represent chances for indirect harm, including brand reputation damage. Malware (25%), distributed denial-of-service (20%), and remote access Trojans (17%) are the most common network compromise services. At least 60% of vendors asked about network access offer access to more than 10 business networks.

The market for specialized tools and data used in targeted attacks is growing. Custom malware outsells off-the-shelf malware 2-to-1, McGuire reports, noting a higher demand for zero-day and polymorphic malware, as well as malware tailored to specific industries. He also points to a greater demand for attacks against specific employees: Sellers offer data on financial performance, security systems, internal product manuals, and other sensitive information.

A Gray Area

Contrary to popular belief, the Dark Web is “not just a den of criminal activity,” McGuire says, and it presents businesses with an opportunity to learn more about the threats they face. But some companies toe the legal line when it comes to interacting with Dark Web sellers and collecting information on their competitors, or sharing customer or employee blacklists.

Competitive intelligence, or when businesses try to figure out how their rivals operate, is easily translated to the Dark Web, he explains. Information on others’ security weaknesses can be used to undermine them in the market; evidence of counterfeit products can damage their authority. Forums can be used to spread rumors or share consumers’ opinions, he adds.

Undercover researchers posed as representatives for a midsize organization and contacted 20 Dark Web vendors to ask whether they could obtain specific “items of interest,” including data on product trials, employee lists, annual accounts, directors’ salaries, and exec travel plans.

When they requested Dark Web hacking services targeting companies in the FTSE 100 or Fortune 500, about 40% of their attempts received positive responses. Prices for services ranged from $150 to $10,000, depending on the company involved. Espionage services (access to the CEO, for example) were offered to researchers for fees ranging from $1,000 to $15,000. Some vendors were suspicious when researchers wouldn’t pay up; others refused to respond.

Still, “in a lot of cases they just came back and said they could get that information for us,” McGuire says.

Businesses also dabble in sharing blacklists of rogue websites, new malware threats, or problematic customers and employees. Exchanging these lists is “at the boundaries of legality,” says McGuire, who calls it “a gray line between intelligence and overly engaging in espionage.”

The so-called “greynet” is a term used to describe business activity that isn’t quite illegal but not quite legal, either. Engaging in such “semi-licit” activity could risk brand damage or attract attention from law enforcement. Organizations must tread carefully on this quasi-legal ground.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/threat-intelligence/inside-the-criminal-businesses-built-to-target-enterprises-/d/d-id/1334898?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Cyber Talent Gap? Don’t Think Like Tinder!

If your company truly is a great place to work, make sure your help-wanted ads steer clear of these common job-listing cliches.

If you’ve ever bought a house or participated in online dating, you may be familiar with the creative ways people euphemistically stretch the truth, or how they’ll bore you to tears with dry lists of facts. It’s not just dating and real estate where this is a problem; most job listings are every bit as bad, and cybersecurity is no exception.

We all know that when you see a listing for a “cozy” apartment, it will have roughly the same floor space as a coat closet. And if you see a dating profile with a list of “must haves” as long as your arm, you’re likely dealing with someone who’s nightmarishly impossible to please.

Typically, employers seem oblivious to the message their choice of wording sends to would-be employees. For example:

  • Pay commensurate with experience = “We will low-ball you on salary.”
  • Must be detail oriented = “We’re probing for any excuse not to hire you.”
  • Self-starter = “You’ll get no direction on what you’re expected to do.”
  • Fast-paced environment = “You’ll be putting out fires, day and night.”
  • Growth opportunity = “Employees will be ground into paste until they quit.”
  • Passionate = “Bring a sleeping bag, because you’ll be living at work.”

It’s entirely possible these conditions are accurate, in which case your next hire should be someone who can help you address your less-than-perfect cybersecurity work environment. But if your company truly is a great place to work, it might behoove you to steer clear of these and other common job listing clichés.

To start, don’t be that company with a massive list of “must haves.” Get realistic about what skills are truly required to do the job, rather than using commonly accepted signifiers for those skills. A particular degree, industry certification, or a specific number of years of experience is less indicative of ability than, say, fluency with a particular software language or technology. It’s also important to make sure that your HR department understands the reasoning behind these specific criteria so that they don’t undermine your efforts.

Sending the Right Message

After far too many years of online dating, I finally got the idea that dull lists describing either my ideal match or myself were not attracting the people I wanted to meet. So, I decided to include more creative and descriptive material in my profile. Right away, the people who contacted me were more compatible, which told me I was headed in the right direction.

To test the theory further, I asked a friend to participate in my experiment. I suggested that he describe the life he’d like to share with his match, rather than making exhaustive lists of hobbies and interests.

His first draft was rather rough: It included three paragraphs describing all the high-quality, grass-fed beef in his freezer. This was not the best use of a first impression. But subsequent drafts described his life in a way that sounded fun and inviting. The impression his words created was as warm and enthusiastic as he is in real life. Unsurprisingly, he found a long-term match very shortly after posting that update.

Work Culture? “I Love My Job”

If you want to attract the most suitable candidates to apply for a cybersecurity job, craft a story that answers a few questions:

  • What will the right candidate love about this job?
  • What would a great day at work be like?
  • How can they make a difference within the company, or in the world at large?
  • How would working for your company make their life better?
  • What strengths will help them succeed in this job?

Make sure the photos you include in the help-wanted ad and on your website are reasonably flattering and diverse; if they feature people from only one demographic, anyone who isn’t in that demographic is likely to keep scrolling. Make sure your social media presence creates an attractive image too. And lastly, make sure you’re doing a good job of communicating clearly, and in a timely fashion. (Nobody likes being ghosted!)

Whether you’re trying to attract a potential homebuyer, date, or employee, the first and most important step is to make sure that the environment you’re trying to draw people into is attractive, interesting, and functional. Once you’ve gotten that far, then you can create an appealing description to entice people to inquire further.

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all …

Article source: https://www.darkreading.com/threat-intelligence/cyber-talent-gap-dont-think-like-tinder!/a/d-id/1334871?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

6 Security Scams Set to Sweep This Summer

Experts share the cybersecurity threats to watch for and advice to stay protected.

We look forward to summer’s warm weather, travel plans, and maybe some added relaxation. Cybercriminals look forward to summer’s new opportunities for scams and targeted attacks.

Seasonal threats aren’t new; for example, the holiday season typically brings phishing attacks in the form of fake package deliveries and fraudulent gift cards. Similarly, summertime, which drives an increase in flights and hotel stays, should put people on high alert for a wave of related scams.

Travelers taking time away from work and home are often too busy planning their vacations to protect their devices and data, but there’s no downtime for cyberattackers. Hackers are getting more advanced in their techniques to capture information, and they’re taking a closer look at the travel industry, targeting hotel chains and airlines with data breaches to capture loyalty program numbers, payment card data, and other personally identifiable information (PII).

But travel scams aren’t the only security threats to worry about this summer. Here, security experts weigh in on threats that should be top-of-mind for consumers and employees alike. Any threats you’re worried about that aren’t listed here? Feel free to share them in the Comments, below.

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance Technology, where she covered financial …

Article source: https://www.darkreading.com/threat-intelligence/6-security-scams-set-to-sweep-this-summer/d/d-id/1334887?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

ATM skimming crook behind bars after draining accounts for 2 years

A Boston federal court on Monday sentenced a Romanian national to 65 months in federal prison for a multi-state ATM card-skimming scheme through which he and his gang drained $868,706 from 531 people’s bank accounts.

The Justice Department said that Bogdan Viorel Rusu, 38, was also sentenced to five years of supervised release and ordered to pay restitution and forfeiture of $440,130.

Rusu pleaded guilty in September 2018 to one count each of conspiracy to commit bank fraud, bank fraud, and aggravated identity theft. He had been arrested in November 2016 and has been in custody since then.

ID’ed through his asylum application photos

According to court documents, video surveillance cameras picked up a man installing a pinhole camera and a skimmer device on a bank ATM machine located in Chicopee, Massachusetts in August 2014.

Thomas Roldan – a special agent with Homeland Security’s Immigration and Customs Enforcement (ICE) within the US Department of Homeland Security (DHS) – said in an affidavit that he identified Rusu based on photos that Rusu submitted in support of an asylum application to US Citizenship and Immigration, as well as Roldan’s own physical surveillance of the suspect.

The skimming devices were plugged in at around 16:26, and then the video cameras picked up footage of somebody else picking up the pinhole camera and skimmer a few hours later, at 20:01. Bank records showed that 85 customers used the ATM during that time, and 12 of them later reported losses totaling $8,399.43.

Next day, same thing, but this time, Rusu plugged in the skimming devices and picked them back up himself after a few hours. That time, customers lost $9,823.50.

It went on like that for almost two years: from August 2014 until his arrest in November 2016, Rusu and his skimming buddies skipped from bank to bank, from Massachusetts on down to New York and on to New Jersey, grabbing people’s account details through ATMs and then using those details to steal money from their bank accounts.

Their take: they lifted $364,419 from Massachusetts banks, $75,715 from New York banks, and another $428,581 from New Jersey banks.

The devices

According to the DOJ, Rusu and/or his co-conspirators installed electronic skimming devices on the ATMs to surreptitiously record customers’ bank account information on the banks’ card-readers at the vestibule door, the ATM machine, or both.

They also installed other devices – generally, either pinhole cameras or keypad overlays – to intercept the PINs people typed in to access their bank accounts.

Then, the skimming crooks came back, removed their devices, and went on to transfer the details onto counterfeit payment cards. From there, they’d visit other ATMs to use counterfeit cards – before the bank or the customers became aware of the ripoff – in order to withdraw money.

They used the risky type of skimmer

There are multiple types of card skimmers, and Rusu and his gang were apparently using the kind that sets crooks up to get caught, since they have to physically install the devices and then come back to the scene of the crime to retrieve them and their valuable stolen data.

Say hello to the nice people scrutinizing video camera footage, guys!

There are other types that enable crooks to get the stolen information via text message or from Bluetooth. From a thief’s point of view, Bluetooth has limitations, notably that the wireless technology has limited range, so any thief who uses a Bluetooth-enabled skimmer needs to hang around nearby.

It also means that anybody else using Bluetooth in the vicinity could see the payment card details and perhaps intercept them, thereby beating the crooks to the punch.

Speaking of which, no, you can’t really sniff out gas station card skimmers using Bluetooth, though there was a Facebook half-hoax (mostly a bunch of half-truths) that promised you could. That one made the rounds back in February.

Software skimmers

We’ve also seen incidents of credit card skimming code planted on websites: in April, skimming code showed up on the ecommerce site for the Atlanta Hawks basketball team.

The obfuscated code turned out to be keylogging software.

There are more varieties still of skimming tools. Security journalist Brian Krebs has cataloged all sorts of them installed at all manner of locations, from self-checkout lanes at some Walmart locations to gas stations to Safeway grocery stores to yes, bank ATM machines.

What to do?

You can wiggle the card point of entry on the reader device to see if it’s a fake that’s been installed over the authentic slot – is it a bit too big? Color or texture’s not quite a match? However, that won’t help with keylogging software like that found on the Atlanta Hawks’ site.

So make sure that you also grab and wiggle your bank account and credit card statements to see if any phishy transactions fall out. If they do, notify your card-issuing institution as soon as possible.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ux-9yjQV-4w/

Gang charged with $19 million iPhone scam

A gang in New York allegedly spent the past seven years using the ripped-off identities of cellphone subscribers to steal $19 million worth of iPhones, according to a now-unsealed complaint originally filed by federal prosecutors at the end of April 2019.

The six defendants have been charged with felony counts of mail fraud, conspiracy, and aggravated identity theft.

New York City Police Department (NYPD) detective Armando Coutinh, from the NYPD-FBI Joint Major Theft Task Force, said in the complaint that the ring of alleged fraudsters kept it up from at least 2012 to the present, selling new devices – mostly iPhones – through fencing operations.

A simple plan

Here’s how it worked, Coutinh explained: the fraud ring members would break into the accounts of existing cellphone subscribers and add their names as “authorized users.” Later on, they used stolen personally identifying information (PII) instead of their own names to cook up new, fraudulent accounts.

Then, they’d “upgrade” their phones, paying only a pittance, or nothing at all, in-store and putting the rest of the purchase price on pay-by-month plans on the identity theft victims’ dime.

The victims included both the service providers, which typically picked up the cost of the stolen phones, and the customers whose identities were stolen and/or whose accounts were broken into. The complaint didn’t specify which providers were targeted, nor how many people were defrauded.

Using the stolen PII, the fraudsters created fake ID cards and fraudulent credit and debit cards. Using those cards, they’d pose as legitimate subscribers and fan out across the country to waltz into phone stores for their “upgrades.”

A multi-layer fraud cake

Like most well-organized fraud rings, this one had multiple roles for its employees, each of whom did their part in the multi-step process of stealing from people. The organizers at the top of the hierarchy called themselves “Top Dogs.” Their duties were to organize and fund the trips and to take care of selling the phones. Being top dogs, they, of course, made the top cut of illicit profits.

Next down were the forgers, who worked with stolen PII and crafted the ID/bank/credit cards. On the bottom rung were the gang members who got sent out on the trips and the drivers who put the stolen PII to use in getting their hands on the phones. That role also included shipping the phones back to the top dogs in NYC.

An insider ratted them out

The ring got ratted out by somebody who was recruited to go on an iPhone-ripoff run in 2013. Identified as “CW-1”, he told investigators that he went on about 18 out-of-state runs, and he was paid $100 for each iPhone he brought in.

CW-1 said he was accompanied by a driver on the trips. Before he left town, his bosses would give him a fake ID and bank card. The bank card was to back up his claims if he got questioned about the fake ID card, CW-1 said.

Like any business traveler, he’d get reimbursed for his travel costs, which included overnight shipping of the iPhones.

That’s a heck of a lot of packages going to NY

Investigators were also helped out by one of the shipping companies – identified as Shipper-1 in court documents – the gang used. In 2014, one of the company’s employees picked up on two notable patterns in all these deliveries: First, in spite of the frequency of the shipping, the package deliveries were always paid for with cash, check or credit card, indicating that the shipper likely didn’t hold an account with the shipping company.

They were always sent to the shipping company’s stores or desks, never to home or business addresses, and those destination stores were always in the Bronx or in Mount Vernon, New York.

The second pattern was pretty much the same, except that these were outgoing packages: they always came from the shipping company’s Mt. Vernon or Bronx stores, and they always got delivered to the shipping company’s stores in other states, never to home or business addresses.

Somewhere between 2014 and July 2017 (presumably in partnership with law enforcement), the shipping company cracked open 39 of the suspicious packages. They found about 250 mobile phones inside of them, as well as dozens of fraudulent credit cards, driver’s licenses, and passport cards.

For example, 16 packages addressed to one of the defendants, Gary Bierd, held a total of about 178 electronic devices. Another five packages addressed to defendant Wilkin de Los Santos had about 55.

All of the devices were listed by the phone service providers as having been obtained through fraudulent activity. Ditto for the phones found in packages searched by law enforcement after they got a series of search warrants.

Meanwhile, two alleged gang members were arrested on unrelated charges. When investigators searched their phones and laptops, they found evidence linking them to the ring carrying out the iPhone scam, including a slew of stolen PII and emails containing cellphone account details – accounts that were used to acquire devices.

Shiny new phones, fat prison sentences

This certainly isn’t the first time that people have gotten the idea to use hacked cellphone accounts to “upgrade” to nice, shiny new iPhones and other pricey gadgets, walking into stores to pay the small upgrade fees, sticking victims with the rest of the costs, selling the loot for full purchase price and then pocketing the profit.

Last August, the Feds indicted a dozen people for allegedly doing just that, with a similar modus operandi to the NY gang, but this gang changed tactics over time in order to evade the law.

For example, they allegedly used Bitcoin to buy stolen PII on the dark web. They also allegedly phished account details out of victims with emails that were laced with rigged links.

Sometimes, the gang members are reported to have bought phones with their real names and fake Social Security numbers that appeared to (and sometimes did) match the spelling of their real names. The taxpayer IDs actually belonged to other people, and those people had their credit damaged as a result of the fraud.

These crimes carry hefty penalties: As of August 2018, those dozen suspects were facing a maximum penalty of 20 years for conspiracy to commit wire fraud and two years for aggravated identity theft. Maximum sentences are rarely handed out, though.

The NY gang members listed in this more recent complaint have all pleaded not guilty. Each is free on $100,000 bond, pending trial.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/PBh10k2_3Hg/

YouTube bans kids’ live-streaming without an adult present

In yet another step to scrape pedophiles off the bottom of its shoe, YouTube announced on Monday that it’s banning youngsters from live-streaming without adult supervision and that it’s limiting recommendations of videos that depict “minors in risky situations.”

In February, YouTube disabled comments on millions of videos featuring minors, in response to reports that creeps were leaving disgustingly sexual comments on videos featuring kids doing things like yoga or gymnastics, or playing games such as Twister.

At the same time, YouTube also implemented a classifier – a machine learning tool that helps to identify specific types of content – that it says helped it remove a significant number of violative comments.

It didn’t catch them all. On Monday, the New York Times published a writeup of research showing that YouTube’s automated recommendation system (which suggests what to watch next and which drives most of YouTube’s billions of views) was, months after the move to disable comments on kids’ videos, suggesting videos of partially clothed kids (think two-piece swimsuits) to users who watched “other videos of prepubescent, partially clothed children.”

Three researchers at Harvard’s Berkman Klein Center for Internet and Society – Jonas Kaiser, Yasodara Córdova and Adrian Rauchfleisch – stumbled onto the videos while looking into YouTube’s impact in Brazil, the Times reports.

They set a server up to open videos, then followed YouTube’s top recommendations for what to watch next. What they found was that you don’t need to look for videos of children to end up watching them: rather, you get sucked into a “black hole” where the platform offers a progression of recommendations that spirals in until you’re watching videos of young children. From the Times:

So a user who watches erotic videos might be recommended videos of women who become conspicuously younger, and then women who pose provocatively in children’s clothes. Eventually, some users might be presented with videos of girls as young as 5 or 6 wearing bathing suits, or getting dressed or doing a split.

YouTube won’t stop recommending kid videos

When alerted to the clusters of videos created by YouTube’s recommendation system, the platform took many down. But it hasn’t changed the one thing that the researchers say would fix this: it hasn’t turned off its recommendation system on videos of children, even though the platform automatically identifies the videos.

YouTube says that doing so would hurt the video creators who rely on those clicks. As it is, creators have felt multiple times that they’ve been punished for doing nothing wrong. The first was after the so-called Adpocalypse 1.0, when major advertisers yanked ads appearing on YouTube videos that espoused extremism and hate speech. YouTube responded by abruptly rolling out changes to its automated processes for placing ads across the platform.

The other move that caused creators to complain came after Adpocalypse 2.0 in February, when advertisers again pulled their ads in response to pedophiles filling up the comments sections, prompting YouTube to disable comments.

Though it’s shying away from ticking off content creators yet again, YouTube did say that it would limit recommendations on videos that it thinks put children at risk.

It said that it started reducing recommendations of “borderline content” earlier this year. Borderline content itself isn’t violative, YouTube said, but it’s aware that it could put minors at risk of online or offline exploitation. The platform says it’s already applied the changes to tens of millions of videos.

No more live-streaming without an adult nearby

In Monday’s announcement, YouTube said that it had updated its live-streaming policy to disallow “younger minors” from live-streaming unless there’s clearly an adult nearby. Channels that don’t comply could lose their ability to live stream.

The platform also launched new classifiers to find and remove the now-violative content.

From the blog post:

Responsibility is our number one priority, and chief among our areas of focus is protecting minors and families.

With this update, we’ll be able to better identify videos that may put minors at risk and apply our protections […] across even more videos.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/O-HMY08hhIg/