Horizon3.ai Announces $40M Series C Funding

Posted in Commentary with tags on August 8, 2023 by itnerd

Horizon3.ai, a leading provider of autonomous security solutions, today announced $40M in Series C funding led by Craft Ventures with participation from Signal Fire. With 3x customer growth year-over-year, Horizon3.ai’s NodeZero platform has quickly become a leading industry tool for autonomous pentesting, helping customers quickly verify their security posture and reduce their exploitable attack surface.  

This funding will be used to build out Horizon3.ai’s enterprise-wide, proactive security platform, expand channel and partner presence, and meet the growing demand of customers worldwide. Founded in late 2019, Horizon3.ai has raised a total of $78.5M to date. 

The demand for NodeZero continues to skyrocket: Autonomous penetration testing was recently added as a new category in the U.S. Department of Defense Tech Watchlist. Customers using NodeZero today span 50 industries and 25 countries, including manufacturing, healthcare, financial services, education, and local government. 

With this new funding, San Francisco-based Horizon3.ai will integrate pentesting, SOAR, and detection engineering into a security platform that enables customers to proactively secure their enterprise. 

Horizon3.ai was founded in 2019 by former industry and U.S. National Security veterans with the mission to help organizations see their networks through the eyes of the attacker and proactively fix problems that truly matter, improve the effectiveness of their security initiatives, and ensure that they are prepared to respond to real cyberattacks. Visit https://www.horizon3.ai/ for a free trial.

White House Announces An Effort To Secure K-12 Schools From A Cybersecurity Standpoint

Posted in Commentary with tags on August 7, 2023 by itnerd

The White House has announced a new effort to secure K-12 schools:

According to a 2022 U.S. Government Accountability Office report, the loss of learning following a cyberattack ranged from three days to three weeks, and recovery time can take anywhere from two to nine months.  Further, the monetary losses to school districts following a cyber incident ranged from $50,000 to $1 million. That is why the Biden-Harris Administration has had a relentless focus on securing our nation’s critical infrastructure since day one, and continues to work tirelessly to provide resources that enable the U.S.’s more than 13,000 school districts to better protect and defend their students and employees against cyberattacks.

Allen Drennan, Co-Founder & Principal, Cordoniq had this to say:

As part of an overall strategy for cyber defense for K-12 schools, districts need to consider taking control over their implementation of both their LMS (learning management systems) and their virtual meeting solution. This is a necessity for controlling availability, uptime and scale, handling issues related to recovery management, and providing higher security standards and data privacy protection for students and teachers. Solutions that rely solely on cloud-based providers outside of the control of the school district are subject to outages, availability concerns and malicious cyber threats.

As I have said previously, the education sector is a prime target for threat actors. Only through scaling the investments in cybersecurity can this sector be fully protected. Thus I applaud the White House for making this move.

UPDATE: Emily Phelps, Director, Cyware submitted this comment:   

“Since adopting digital technologies to adapt to a post-Covid world, securing public schools has become more challenging and more critical. We’re encouraged by the Department of Education’s announcement around strengthening cybersecurity resilience for K-12 entities. Working with CISA to develop practical, actionable guidelines and partnerships with private entities that can bolster K-12 public education’s defenses reinforces the commitment this administration has made to cybersecurity at federal and local levels. Collaboration and collective defense strategies are increasingly important to our public entities and citizenry, and as private-public partnerships garner attention and success, we hope these examples will motivate similar action.”  

Carol Volk, EVP, BullWall follows with this comment:    

“Google and the social media giants should be pumping money into K-12 cyber defenses and education, as they are as much the cause of this firestorm of malicious hacking as they are the benefactors of the younger generation’s embrace of 24-7 connectivity. With Congress tightly focused on the responsibility these companies bear from social media fallout, we can expect these giants to be paying attention to this problem area.”

UPDATE #2: Ani Chaudhuri, CEO, Dasera adds this:

The recent initiative by the Biden-Harris Administration to bolster cybersecurity in our K-12 schools is a commendable and urgently needed step. The surge in cyberattacks targeting the institutions that shape our future leaders has highlighted an alarming vulnerability. Imagine a nation where school districts are routinely disrupted, and the sensitive data of our children is compromised and auctioned off to the highest bidder.

In the 2022-23 academic year alone, we’ve seen significant cyberattacks on K-12 school districts that have compromised the personal data of students and employees. This isn’t just about data; it’s about our children’s future, their privacy, and the trust they place in the education system.

It’s heartening to see the federal government respond with vigor. The proposed pilot program, the collaboration between different governmental bodies, and the available resources to strengthen cybersecurity infrastructure are steps in the right direction. And while the involvement of education technology giants such as AWS, Google, and others is promising, it’s crucial to ask ourselves if it’s enough.

The real challenge is ensuring these policies and programs aren’t just reactive. We must be proactive, looking ahead to anticipate and thwart future cyber threats. Collaboration between public and private sectors should be constant, not just when disaster strikes. We must understand that the next generation’s education is now intrinsically linked with cybersecurity, and there is no room for complacency.

The increased attention to cybersecurity in our education system is a clear signal of our times. We need to instill a culture of cybersecurity from the classroom to the boardroom. Let’s not wait for another breach to shake us into action. The safety of our nation’s future is at stake.

Colorado Dept Of Higher Education Warns Of Stolen Data That Spanned 13 Years

Posted in Commentary with tags on August 7, 2023 by itnerd

In a breach notification, the Colorado Department of Higher Education (CDHE) disclosed a massive data breach impacting current and past students and teachers after suffering a double-extortion ransomware attack in June. According to the CDHE, its investigation revealed that the threat actors had access to its systems between June 11th and June 19th and, during that time, stole data from the Department’s systems spanning 13 years, between 2004 and 2020. The CDHE did not share how many people were impacted, but the number is likely large, as those affected include students, past students, and teachers who:

  • Attended a public institution of higher education in Colorado between 2007-2020 
  • Attended a Colorado public high school between 2004-2020 
  • Had a Colorado K-12 public school educator license between 2010-2014 
  • Participated in the Dependent Tuition Assistance Program from 2009-2013 
  • Participated in Colorado Department of Education’s Adult Education Initiatives between 2013-2017 
  • Obtained a GED between 2007-2011

 The information stolen includes full names, social security numbers, dates of birth, addresses, proof of addresses, photocopies of government IDs, and potentially, police reports or complaints regarding identity theft. 

Emily Phelps, Director, Cyware:   

“Higher education institutions handle vast amounts of valuable data from a diverse user base but lack the resources and technology to effectively defend against cyber-attacks, making them attractive targets for cybercriminals. Practicing strong security hygiene, implementing regular cybersecurity awareness training, and maintaining a robust incident response plan can help mitigate the risks. Collaboration, public-private partnerships, and increased threat intelligence sharing across public entities can lead to more robust, comprehensive defenses, improving resilience and protecting both the organizations and their people.” 

The education sector has always been a target for threat actors. Thus those in that sector need to beef things up to avoid being the next organization that gets pwned.

UPDATE: I have another comment, from Carol Volk, EVP, BullWall:

“Thirteen years of data scooped up in a single breach. There are so many available ways to protect against both the breach and the exfiltration of data. We do not know what defenses the CDHE had in place, but it is imperative that institutions implement the full scope of defenses, as the abuse of data they hold can harm generations of students.

Yes, schools are doing their best to stand up the best preventative security tools they can, but there will never be budget or resources to stay ahead of the attackers. Ensuring tools are in place to contain an active attack is where education should focus next.”

CISA’s New Strategic Plan Builds On Existing White House Cybersecurity Strategy 

Posted in Commentary with tags on August 7, 2023 by itnerd

CISA has released its FY2024-2026 Strategic Plan which sets out a vision to change the US’ national cybersecurity risk environment trajectory and builds on the White House’s strategy published last week.    

“Where the National Cyber Strategy calls for foundational shifts to help America outpace our adversaries and set a national agenda on our terms rather than theirs, and CISA’s Strategic Plan outlines how we’ll work together as a unified agency grounded in common values, our Cyber Strategic Plan focuses on the “how” and – of critical importance – how we’ll know if we’re making progress,” a statement by Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA noted.   

The plan outlines three goals: 

  • Goal 1: Address Immediate Threats.   
  • Goal 2: Harden the Terrain.   
  • Goal 3: Drive Security at Scale.

The Plan notes that too often threat actors succeed because of insecure environments where enterprises are “too difficult to defend, and our technology products are too vulnerable to protect.” And while the steps to overcome this are known, the design and development of products must adapt to mitigate the impact of exploitable vulnerabilities.  

“We must help organizations, particularly those that are “target rich, resource poor,” take the fewest possible steps to drive the most security impact,” the Plan states. 

Jason Keirstead, Vice President of Collective Threat Defense, Cyware had this comment:   

“CISA is taking a pragmatic and holistic approach to their 2024-2026 strategic plan. Organizations lack the resources to effectively defend against known and emerging threats, and to outpace the adversary, the industry must collaborate more often and more effectively. Even organizations with mature cybersecurity programs often struggle to adequately safeguard every vulnerability. CISA’s focus on collaboration, intelligence sharing, and scalability has potential to measurably strengthen our overall security posture.”

Roy Akerman, Co-Founder & CEO, Rezonate follows up with this:   

“It’s commendable to witness CISA advancing the cybersecurity narrative in such a strategic manner. Drawing from my experiences with cyber defense in Israel, this step accentuates the criticality of prompt detection and response. The recognition that adversaries will always seek and often find vulnerabilities underscores the importance of evolving our SecOps and Identity and Access security programs. In essence, it’s about being several steps ahead, rather than merely reacting.” – Roy Akerman, CEO of Rezonate and former head of cyber defense operations for the Israeli Government.

Having a strategy is great. But it’s all about implementing this strategy and getting people to buy into it. I’m reserving judgement until I see how well that part is done. But on paper, this is a good move by the White House.

UPDATE: Wade Ellery, Field CTO, Radiant Logic had this to say:    

“The recent update to CISA’s comprehensive plan marks a significant stride in the nation’s ongoing efforts to bolster its digital security landscape. An identity-focused strategy stands out as an indispensable and highly effective approach to fortifying systems across the U.S.

Managing identities has become more complicated for organizations, regardless of industry or size. As the government looks to implement a comprehensive plan, it must take into consideration the types of attacks plaguing the U.S. – identity-related attacks make up the bulk of cyber-attacks, calling into question the way businesses handle their identity data.

Having clean, unified Identity data has emerged as a central pillar in safeguarding sensitive information, fending off cyber threats and ensuring the integrity of digital environments. This approach centers on verifying and managing the identities of users and allows for full visibility and control over who can access specific resources within a system. This fine-grained access control, integrated into a Zero Trust Architecture, can help minimize the attack surface, limit the risk of unauthorized parties entering the system and detect threats early on.”

IPv4.Global Hits $1 Billion Milestone for IPv4 Sales

Posted in Commentary with tags on August 7, 2023 by itnerd

IPv4.Global, the world’s largest, most-trusted and transparent IPv4 marketplace, today announced it reached $1 billion in IPv4 address sales. 

Of the five Regional Internet Registries responsible for distributing IP addresses, most have run out of IPv4 addresses. However, there remains a robust global demand for IPv4 addresses, especially by growing networks. These assets, which rarely appear on balance sheets or asset schedules, have become a source of cash for organizations in all sectors with unused blocks of addresses.

IPv4.Global’s success and momentum in the field is a direct result of its transparent marketplace, which is the most comprehensive in the industry and the only one to publicly publish the current pricing of IPv4 blocks traded on its platform. IPv4.Global’s recent first half of 2023 trends report highlighted current pricing and trends that impacted the market. While the analysis suggests stable to rising prices in 2023 for large blocks, small block prices have been falling. Increased and increasing worldwide volumes support the thesis that prices will rise.

The company’s $1B transfer milestone can also be linked to the skills of the dedicated IPv4.Global team. The company’s transfer agents are well versed in navigating the complexity of IPv4 transfers and make the potentially onerous process fast and seamless for both buyers and sellers. This expertise was recently recognized by ARIN, which named IPv4.Global as one of the few companies to meet the rigorous requirements for its Qualified Facilitator Status.

The company’s technical expertise also means that it can help rehabilitate the reputation of IP blocks previously hijacked by spammers. It also offers a free audit tool, ReView, that allows network operators and administrators to gain visibility of their IP address usage quickly and easily, and more effectively manage their records. 

IPv4.Global customers have also benefitted from the fact that the company is backed by Hilco Streambank – which has multiple options for financing the acquisition, sale, or leasing of IPv4 addresses. 

ThreatConnect Enables Customers to Operationalize Intelligence Requirements with New Industry-First Capability

Posted in Commentary with tags on August 7, 2023 by itnerd

ThreatConnect, Inc, maker of industry-leading AI and ML-powered threat intelligence operations (TI Ops) and cyber risk quantification solutions, today announced its new Intelligence Requirements capability. This new capability strengthens ThreatConnect’s TI Ops Platform by allowing customers to define, manage, and track their intelligence requirements (IRs), priority intelligence requirements (PIRs), and requests for information (RFIs) more effectively, making it easier to identify relevant intelligence, track the value of their intelligence sources, and take proactive action against the most dangerous threats. 

With limited resources, it’s more critical than ever that cybersecurity teams are deeply aligned with both business priorities and an evolving threat landscape. Too often, threat intelligence is produced ad-hoc and siloed without input from stakeholders leading to ineffectual intel and wasted efforts. IRs and PIRs represent a common language that drives stakeholder input and organizational alignment. A recent ThreatConnect customer survey found that 94% find PIRs highly or moderately helpful in improving cyber threat intelligence teams’ performance. However, 93% reported one or more challenges with communicating and operationalizing PIRs. 

ThreatConnect is tackling the problem of effectively operationalizing these requirements in its next release. With built-in support for defining, implementing, and identifying intelligence related to IRs and PIRs, ThreatConnect empowers security professionals to quickly and easily create optimally defined requirements and use them to identify relevant intelligence within the customer’s own Threat Library and ThreatConnect’s ML and AI-powered Global Intelligence.  

IRs and PIRs are a critical component of ThreatConnect’s Evolved Threat Intelligence Lifecycle planning stage. The planning and direction phase of the threat intelligence cycle is complex, often overlooked, and has a significant downstream impact on the rest of the process. CTI analysts are dealing with substantial data challenges, making it time intensive to process and prioritize what is specifically relevant to the organization. This new product feature helps articulate requirements and form the foundation of the evolved threat lifecycle, no matter the team’s maturity. IRs also save users time by automatically parsing incoming and relevant intelligence related to each requirement.

ThreatConnect’s new IRs feature enhances TI Ops capabilities by:

  • Streamlining the implementation, integration, and management of PIRs directly in the platform instead of with documents and spreadsheets.
  • Improving threat detection, response times, and risk mitigation actions through matching new intelligence relevant to your requirements.
  • Facilitating the efficient production and dissemination of relevant intelligence to stakeholders, empowering them with timely and accurate information to respond quickly and effectively to threats, substantially reducing risks.

Twitter Blue Is Now X Premium…. And Elon CLAIMS That He Will Cover Your Legal Bills If Your Twitter Habits Get You Into Trouble

Posted in Commentary with tags on August 6, 2023 by itnerd

Boy the last 24 hours on Twitter, or X, or whatever the hell it’s called has been eventful.

As part of this rather ill advised rebrand of Twitter to X, Twitter Blue is now X Premium. Elon sort of made the announcement early yesterday, along with some other details:

But that’s not the only thing that he did. He also said this on Twitter:

One thing to keep in mind is that Elon has a habit of Tweeting stuff that never comes true. Especially with Tesla. So I would take this with a grain of salt and nobody should expect that Elon will ever make good on this promise. If you want to call it that.

I wonder what else that Elon will randomly say and promise on Twitter?

Numerous Hospitals Pwned In Cyber Attack

Posted in Commentary with tags on August 5, 2023 by itnerd

ABC is reporting that a number of hospitals in a number of states that are part of Prospect Medical Holdings have been pwned in a cyberattack:

Hospitals and clinics in several states on Friday began the time-consuming process of recovering from a cyberattack that disrupted their computer systems, forcing some emergency rooms to shut down and ambulances to be diverted.

Many primary care services at facilities run by Prospect Medical Holdings remained closed on Friday as security experts worked to determine the extent of the problem and resolve it.

John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said the recovery process can often take weeks, with hospitals in the meantime reverting to paper systems and humans to do things such as monitor equipment and run records between departments.

“These are threat-to-life crimes, which risk not only the safety of the patients within the hospital, but also risk the safety of the entire community that depends on the availability of that emergency department to be there,” Riggi said.

The latest “data security incident” began Thursday at facilities operated by Prospect, which is based in California and has hospitals and clinics there and in Texas, Connecticut, Rhode Island and Pennsylvania.

“Upon learning of this, we took our systems offline to protect them and launched an investigation with the help of third-party cybersecurity specialists,” the company said in a statement Friday. “While our investigation continues, we are focused on addressing the pressing needs of our patients as we work diligently to return to normal operations as quickly as possible.”

The White House has been monitoring the cyberattack, said Adrienne Watson, a spokesperson for the National Security Council.

Ani Chaudhuri, CEO, Dasera had this comment:

The recent cyberattack on Prospect Medical Holdings, leading to disrupted services in hospitals across several states, underscores a grim reality – no sector, no matter how critical, is immune to cyber threats. The impact on healthcare, already strained under the weight of the ongoing global health crisis, has immediate and far-reaching consequences on human lives. My heart goes out to the patients and healthcare providers grappling with the fallout from this event.

First and foremost, it’s essential to acknowledge that securing and governing data, especially in the cloud, is a Herculean task. We’re exploring uncharted territories where traditional security perimeters evaporate, and data sprawl is becoming increasingly common. The interconnectedness of data makes hospitals and healthcare systems particularly vulnerable as they handle massive amounts of sensitive and personal health data daily.

Moreover, the COVID-19 pandemic has accelerated the digital transformation in healthcare, pushing many providers to adopt cloud technologies quickly, often without the opportunity to implement robust security measures. It’s a harsh reminder that cybersecurity isn’t an ‘add-on’ but an integral part of our digital infrastructure that requires as much attention and investment as any other part of the system.

Empathy must also extend to understanding the colossal challenges of protecting sensitive data and maintaining services during a cyberattack. As a cybersecurity professional, I know that these are trying times, and while we aspire to prevent every attack, the truth is that no system is foolproof.

The incident also emphasizes the urgency of a multi-layered defense strategy. Zero trust security, robust data governance, regular cybersecurity audits, and continuous employee training are all vital components of such a strategy.

Even though the landscape might seem overwhelming, it’s important not to lose sight of our collective strength. Cybersecurity isn’t just the domain of security experts; it’s everyone’s responsibility. The healthcare sector and every industry need to work with cybersecurity companies, policymakers, and educators to raise awareness and build resilience at all levels of the organization.

In the face of this adversity, we must remind ourselves that while every company and sector is susceptible to attacks, we also possess the resourcefulness and resilience to adapt, learn, and grow stronger. It’s a steep mountain, but we’ll conquer it together.

This is not a good situation and again illustrates that cyberattacks can be very dangerous to us all. It also illustrates that more needs to be done to ensure that cyberattacks do not have this level of disruption.

Cyber-Attacks Targeting Government Agencies Have Increased By 40%

Posted in Commentary with tags on August 5, 2023 by itnerd

Cyber-attacks against government and public sector services rose 40% last quarter, according to BlackBerry Cybersecurity’s 2nd Quarterly Threat Intelligence Report published this week. The report claimed they stopped 1.5 million attacks from March to May of this year, 55,000 of which targeted government and public sectors.

Highlights:

90 days – Blocked over 1.5 million attacks

  • Approximately 11.5 attacks /minute.
  • Roughly 1.7 novel malware samples /minute
  • A 13% increase from the previous reporting period

Most targeted industries – Healthcare, Financial and Government services with information-stealing malware, or infostealers

Remote access increases cyber risk 

  • Rise of mobile banking malware targeting digital and mobile banking
  • Growing availability of commodity malware
  • Increase in Ransomware attacks

Researchers confirmed that the five most frequently used tactics were in the categories of discovery and defense evasion, “demonstrating that attackers are diversifying their tooling in an attempt to bypass defensive controls, especially those legacy solutions based on signatures and hashes,” reads the report. Attacks during this period were predominantly focused on North America by groups such as LockBit, BlackByte and, of course, Clop’s MOVEit supply chain attacks.

George McGregor, VP, Approov had this to say:  

“This is another report which shows the increasing sophistication and frequency of cyberattacks. Although the geographic data in the report may reflect more the deployment of the BlackBerry solutions, the conclusions that healthcare, financial services and government services are a primary focus for attackers does resonate with our own research, as does the growth of discovery techniques. Specifically, we are increasingly seeing bad actors harvesting useful information from mobile apps for use in subsequent attacks.”

Governments are prime targets for threat actors. Hopefully that sector is doing everything possible to protect themselves from threats that are clearly out there.

Microsoft Warns Of Cybersecurity Complexities At Sporting Events

Posted in Commentary with tags on August 5, 2023 by itnerd

In a new study by Microsoft called the State of Play report, Microsoft highlighted the growing opportunities for threat actors to target high-profile sporting events, “especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities and attendees.” While managing the critical-infrastructure cybersecurity at the 2022 FIFA World Cup in Qatar, Microsoft observed attackers continuously attempting to compromise connected systems through identity-based attacks.

  • “What we saw was consistent, with cyber-criminals being opportunistic and seeing where they can infiltrate and find gaps between a lot of connected systems, in the context of a large event. The cybercrime economy’s sheer size and low barriers to entry make this kind of opportunism a significant risk to account for in planning and having layered defenses in place.
  • “What makes the sports landscape unique is that the IT assets and operations are so different, you have a lot of mobile devices across teams and staff, and a lot of connectivity across different stadiums, training facilities, hotels and other venues. And the nature of these connections is that they stand up and down as teams compete in seasons and tournaments,” said Justin Turner, Principal Group Manager, Microsoft Security Research.

Furthermore, this allows threat actors to simultaneously target mobile payment and retail systems, socially-engineer participants, and scan for unpatched/misconfigured devices. Also, security complexity is compounded as there are numerous parties managing a multitude of systems, such as corporate sponsors, municipal authorities and third-party contractors.

George McGregor, VP, Approov has this comment:  

“A key element are the apps which are launched for events (for example the FIFA Women’s World Cup app – 10M+ downloads on Android) which are intended to be a “one-stop shop” for events. Unless they are protected, they can leak personal financial data and also be a source of other information which can be used in broader infrastructure attacks.”

Amit Patel, SVP, Cyware follows up with this:  

“Anytime you gather tens of thousands of people together using shared infrastructure it’s an attractive target for attackers. Major sports leagues are realizing that they need to address security collectively – not relying on local capabilities. By monitoring threats globally, and sharing intel automatically across leagues and venues, and anticipating attacks, we can reduce risks considerably.”

Sporting events are clearly not the safe places that they once were. This is why not only the people who run these events have to make sure that there is a holistic view of their cybersecurity landscape, but we have to do our part by being mindful of the fact that there are threats that might be lurking at these events.