Email Threats Spike 101% Year Over Year Says Trend Micro

Posted in Commentary with tags on June 21, 2022 by itnerd

Trend Micro announced today that it has blocked over 33.6 million cloud email threats in 2021, a 101% increase on the previous year. This stark increase in attacks proves that email remains a top point of entry for cyber attacks.

The data was collected over the course of 2021 from products that supplement native protection in collaboration platforms such as Microsoft 365 and Google Workspace. 

Other key findings include:

  • 16.5 million detected and blocked phishing attacks, a 138% increase as the hybrid workforce continued to be targeted
  • 6.3 million credential phishing attacks, a 15% increase as phishing remains a primary means of compromise
  • 3.3 million malicious files detected, including a 134% surge in known threats and a 221% increase in unknown malware

More positively, ransomware detections continued to decline by 43% year-over-year. This could be because attacks are becoming more targeted, along with Trend Micro’s successful blocking of ransomware affiliate tools such as Trickbot and BazarLoader.

Business email compromise (BEC) detections also fell by 11%. However, there was an 83% increase in BEC threats detected using Trend Micro’s AI-powered writing style analysis feature, indicating that these scams may be getting more sophisticated.

To read a full copy of the Cloud App Security Threat Report, please visit: https://www.trendmicro.com/vinfo/us//security/research-and-analysis/threat-reports/roundup/trend-micro-cloud-app-security-threat-report-2021

Retrospect Announces Retrospect Cloud for Simple Offsite Data Protection

Posted in Commentary with tags on June 21, 2022 by itnerd

Retrospect™, a StorCentric company, today announced Retrospect Cloud Storage, Retrospect Backup 19, and Retrospect Virtual 2022. With Retrospect Cloud Storage integrated into Retrospect, businesses have a complete ransomware protection and detection solution that encompasses on-premise and cloud protection. Retrospect Cloud Storage is a low-cost, high-availability (HA) cloud storage service, with 13 data centers located around the world. Retrospect Cloud Storage has been one of the most requested features from Retrospect’s customers, combining the simplicity of a single subscription with seamless integration into Retrospect Backup.

Ransomware continues to hamper businesses around the world, locking them out of their business workflows and demanding exorbitant payments. With the availability of Ransomware-as-a-Service (RaaS), those attacks will become even more frequent, targeting ever-wider segments of businesses. Organizations need tools to defend themselves, both to protect their data and to detect early signs of intrusion.

With Retrospect Backup 19 and Retrospect Virtual 2022, businesses around the world can now protect their critical infrastructure on Retrospect Cloud Storage, with complete support for immutable backups and anomaly detection, as well as on-premise with Retrospect’s deep support for NAS devices, including the new Nexsan EZ-NAS unit with Retrospect built-in, and tape libraries, including LTO-9 support.

Retrospect Cloud Storage is built on Wasabi Technologies’ Hot Cloud Storage, providing lightning-fast object storage. Retrospect Cloud Storage leverages that foundation to provide advanced data protection features like immutable backups. With Retrospect’s AES-256 at-rest encryption, sensitive data can be backed up to Retrospect Cloud Storage but guaranteed to remain private from the underlying infrastructure provider, including Retrospect, Inc. and Wasabi Technologies. Using Retrospect Cloud Storage and the multi-homed backups with the 3-2-1 backup rule, businesses are fully protected and encrypted from ransomware attacks with on-premise and cloud backups.

Retrospect Backup 19

Also included in Retrospect Backup 19:

  • Backup Comparison: Businesses need to understand not only what is in a backup but what changed between backups. Using anomaly detection and backup comparison, administrators can identify exactly which files changed to signal an anomaly and evaluate their contents to isolate valid ransomware infections.
  • OS Compliance Checks: Many ransomware variants depend on unpatched systems for infiltration. Retrospect Backup now utilizes its extensive footprint to aggregate system information and identify systems that are out of compliance with the latest version of each operating system.
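The backup-comparison idea in the first bullet (find exactly which files changed between two backups, then decide whether the change pattern looks like a ransomware infection) is easy to reason about in code. The block below is an added example written for this post, not Retrospect’s own code: it hashes two constructed snapshots, lists added, deleted and modified paths, and flags an anomaly when either the churn ratio or the count of newly high-entropy files (a typical sign of files rewritten as ciphertext) crosses thresholds. The thresholds, snapshot contents and the `.locked` extension are my own assumptions for illustration.

```python
import hashlib
import math

# --- constructed sample snapshots (path -> file contents); not real backup data ---
HIGH_ENTROPY = bytes(range(256)) * 4  # stands in for encrypted output; entropy is exactly 8.0 bits/byte

PREVIOUS = {
    "docs/a.txt": b"quarterly report: revenue up, costs flat, headcount unchanged\n",
    "docs/b.txt": b"meeting notes: review backup retention policy next sprint\n",
    "docs/c.txt": b"todo: rotate service credentials, verify restore drill\n",
    "app/config.ini": b"[server]\nport=8443\nlog_level=info\n",
}

# A normal day: one document edited, everything else identical.
CURRENT_BENIGN = dict(PREVIOUS, **{
    "docs/a.txt": b"quarterly report: revenue up, costs flat, headcount +2\n",
})

# Ransomware-like pattern: originals gone, same names with a new extension and ciphertext-like bodies.
CURRENT_SUSPECT = {
    "docs/a.txt.locked": HIGH_ENTROPY,
    "docs/b.txt.locked": HIGH_ENTROPY[::-1],
    "docs/c.txt.locked": HIGH_ENTROPY[128:] + HIGH_ENTROPY[:128],
    "app/config.ini": PREVIOUS["app/config.ini"],
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plaintext documents sit well below 7, ciphertext and compressed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def compare_snapshots(previous: dict, current: dict) -> dict:
    """Classify every path as added, deleted or modified by comparing content hashes."""
    prev_hashes = {p: sha256(d) for p, d in previous.items()}
    cur_hashes = {p: sha256(d) for p, d in current.items()}
    common = prev_hashes.keys() & cur_hashes.keys()
    return {
        "added": sorted(cur_hashes.keys() - prev_hashes.keys()),
        "deleted": sorted(prev_hashes.keys() - cur_hashes.keys()),
        "modified": sorted(p for p in common if prev_hashes[p] != cur_hashes[p]),
    }


def assess(previous: dict, current: dict,
           churn_threshold: float = 0.5, entropy_threshold: float = 7.0,
           min_high_entropy_files: int = 2) -> dict:
    """Decide whether the delta between two snapshots looks anomalous (hypothetical thresholds)."""
    diff = compare_snapshots(previous, current)
    # Churn: share of previously backed-up files that were rewritten or removed.
    churn = (len(diff["modified"]) + len(diff["deleted"])) / max(len(previous), 1)
    # New or changed content that now looks like ciphertext.
    high_entropy = [p for p in diff["added"] + diff["modified"]
                    if shannon_entropy(current[p]) >= entropy_threshold]
    anomaly = churn >= churn_threshold or len(high_entropy) >= min_high_entropy_files
    return {**diff, "churn": churn, "high_entropy": high_entropy, "anomaly": anomaly}


if __name__ == "__main__":
    for label, snapshot in (("benign", CURRENT_BENIGN), ("suspect", CURRENT_SUSPECT)):
        result = assess(PREVIOUS, snapshot)
        print(f"{label}: anomaly={result['anomaly']} churn={result['churn']:.2f} "
              f"modified={result['modified']} deleted={result['deleted']} "
              f"high_entropy={result['high_entropy']}")
```

The two signals are deliberately independent: a mass delete with no new files still trips the churn check, and a handful of files silently rewritten as ciphertext trips the entropy check even when overall churn is low. In a real deployment the thresholds would be tuned against the environment’s normal change rate rather than the fixed values used here.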

In addition, Retrospect Backup 19.1 will be released on August 30 with the following features:

  • Multi-Factor Authentication (MFA): Identity protection is important even for on-premise applications. Retrospect Backup will support configuration encryption and multi-factor authentication combined with a password prompt. Even if an attacker gains administrative access to the computer where Retrospect Backup runs, they will not be able to access the program or the configuration files.
  • Flexible Immutable Retention Periods: Retrospect will support an additional type of retention where Retrospect extends the period on past backups instead of including that data in new backups.
  • Additional 12 Worldwide Locations for Retrospect Cloud Storage: Retrospect Cloud Storage will include twelve additional worldwide locations, certifying each of Wasabi’s data centers around the world.
  • Microsoft Azure for Government: Retrospect will support blob storage on Microsoft Azure for Government to enhance support for state and local agencies looking for data protection in a US-based high-security data center.

Finally, Retrospect Management Console, the hosted backup analytics service, will be updated on August 30 to include the following features:

  • Multi-Factor Authentication (MFA): Identity protection is crucial for cloud services, and Retrospect Management Console will offer app-based multi-factor authentication for a more secure workflow.
  • Redesigned Reporting: The dashboard will be redesigned to better aggregate information for larger environments to address reporting pains in significantly larger backup infrastructure.
  • User Roles: Organizations will be able to assign roles to individual users, with “Administrators” able to access any function within the service and “Viewers” able to utilize the extensive reporting capabilities without worrying about changing any settings.
  • Audit Log: Administrators will be able to access a full audit log for actions taken by any users on their account.

Retrospect Virtual 2022

Included in Retrospect Virtual 2022:

  • Faster Backups and Restores: Fast data protection is critical in physical and virtual environments. Retrospect Virtual is now significantly faster at backups and restores.
  • Backup Data Deduplication: With advanced data deduplication, Retrospect Virtual can now protect larger amounts of data in a smaller storage space.
  • Hyper-V 2022 Support: Hyper-V 2022 is the latest version of Microsoft’s virtualization software, and Retrospect Virtual is now fully certified for it.

Pricing and Free 30-Day Trial

For Retrospect Backup pricing details, please visit: https://www.retrospect.com/store. To request a free 30-day trial, please visit: https://www.retrospect.com/try.

General Availability

Retrospect Backup 19.0 and Retrospect Virtual 2022 will be generally available on July 12, and Retrospect Backup 19.1 and Retrospect Management Console updates will be generally available on August 30.

Ninety Percent Of Canadian Organizations Indicate That They Have Experienced A Cyberattack In The Past Year: CDW Canada

Posted in Commentary with tags on June 21, 2022 by itnerd

CDW Canada today launched its annual Security Study, Advancing the Maturity of Canadian Organizations, which explores the state of IT security in Canada and evaluates the top cybersecurity challenges facing Canadian organizations today. The report uncovered that as the cybersecurity threat landscape evolves, Canadian organizations have become over-exposed to cyberattacks.

CDW’s Security Study revealed that, regardless of size, industry or location, 90 percent of Canadian organizations surveyed have experienced a cyberattack in the past year. As cyberattacks increase in frequency, sophistication and severity, more organizations are taking a Zero-Trust approach to security.

Additional highlights from the report include:

  • Nearly three-quarters (73%) of Canadian companies surveyed reported having experienced data infiltration attacks with ransom demands in the past year, and 76% reported repeat ransom demands.
  • 30% of organizations have adopted Zero Trust, while another 40% have adoption in progress.

There are many more findings outlined in the report, which can be accessed here. It’s very much worth a read.

New APT Group Targets Exchange Servers in Asia & Europe

Posted in Commentary with tags on June 21, 2022 by itnerd

An APT group has been actively targeting Microsoft Exchange servers since at least December 2020, according to researchers at Kaspersky’s Global Research & Analysis Team (GReAT). The researchers also found a previously unknown passive backdoor they named Samurai and a new trojan dubbed Ninja Trojan. Both malware strains allow the attackers to take control of infected systems and move laterally within the victims’ network. Which of course means that these malware strains are very dangerous.

Christopher Prewitt, CTO of Inversion6 had this commentary:

In March of 2020, Microsoft released patches to fix the Exchange exploit. It was thought that Chinese nation state actors were the ones who uncovered this vulnerability and were exploiting it prior to discovery and disclosure. ToddyCat, likely linked to Chinese espionage activities, has been focused on Europe and Asia using the familiar China Chopper web shell.

The Samurai backdoor, in some cases has been used to deploy a post-exploitation toolkit dubbed Ninja. Ninja allows for full control of a system including shell access, and appears to have been developed by ToddyCat.

My thoughts go something like this. While these attacks are presently targeted towards high-profile entities in Europe and Asia, I can see this branching out to North America. Assuming that it hasn’t already. Thus I would make sure that your Exchange servers have all the patches needed to defend against this exploit.

UPDATE: Aimei Wei, CTO and Founder, Stellar Cyber added this commentary:

“When a vulnerability is discovered, it takes time for the patch to be available for all the impacted software releases. Usually, the newer releases get patched faster than older ones. It could take more than a year for patches to be available to earlier releases. The new ToddyCat APT group that has been actively targeting Microsoft Exchange servers since at least Dec. 2020 is still exploiting the vulnerability to attack even more entities from more countries. While actively patching the systems is critical to be protected from the attacks, it can’t always be achieved within a short period of time; having a threat detection and response system that can effectively detect lateral movement and help to stop the attacks at the early stage is an important catch-all mechanism.”

And Jake Williams, Executive Director of Cyber Threat Intelligence for SCYTHE had this to say:

The Samurai backdoor is a textbook example of a tool used to expand a beachhead access to an internal network. After the backdoor is deployed on an Internet-facing Exchange server, network redirection modules are deployed that facilitate access by the threat actors to the internal network. Network redirection isn’t new, but it is especially useful when deployed on a server that is expected to communicate with many external and internal destinations. While zero-trust networking principles could limit some communication, threat actors will always execute actions on objectives on endpoints inside the network. A combination of network and endpoint controls, configured in alignment with the organization’s specific operational model, will be required to detect stealthy actors like ToddyCat after they gain access to a network.

Takeda Canada Innovation Challenge Awarded To Pentavere 

Posted in Commentary with tags on June 21, 2022 by itnerd

Pentavere Research Group Inc. has been awarded the first Takeda Canada Innovation Challenge. The Innovation Challenge was launched in January 2022 to accelerate partnerships in identifying new digital technologies and artificial intelligence (AI) solutions that support enhanced patient care in inflammatory bowel disease (IBD) or rare disease conditions.  

Pentavere Research Group Inc. is a clinical discovery company that has developed a breakthrough, proprietary, artificial intelligence (AI) engine called DARWEN™, which accelerates discovery from vast amounts of clinical text. DARWEN™ unlocks value, insights and evidence from clinical information which is impossible to analyze by human intelligence alone.

Pentavere will have the opportunity to collaborate and benefit from Takeda’s expertise and extensive international network, as well as funding, to build a proof of concept project in the areas of rare diseases.

The Takeda Canada Innovation Challenge received multiple submissions within the fields of early diagnosis or integrated and personalized care, applicable to the therapeutic areas of inflammatory bowel disease (ulcerative colitis or Crohn’s disease) or rare genetic diseases.

Guest Post: Almost 70% Of Email Scammers Leave The ‘Subject’ Line Empty Says Atlas VPN

Posted in Commentary with tags on June 21, 2022 by itnerd

In phishing attacks, scammers will employ social engineering techniques to get you to click on their email.

According to the data presented by the Atlas VPN team, 67% of scammers leave the ‘subject’ line empty in malicious emails. Other ‘subject’ lines are not nearly as used as just keeping it blank, which can be a major red flag when identifying a phishing email.

About 9% of attackers would type in ‘Fax Delivery Report’ in the subject line of phishing emails. Nearly 6% of email scammers enter ‘Business Proposal Request’ as the subject line. Furthermore, 4% of threat actors would write a simple ‘Request’ as the email’s subject. Another 4% of attackers are trying to set up a ‘Meeting’ with their victims.

Almost 3.5% of scammers would send emails with the subject ‘You have (1*) New Voice Message’. Moreover, 2% of threat actors would type in ‘Re: Request’ in the subject of their phishing emails.

The tactic used in phishing emails is often to urge the user to click on the email or link without much thought. Some subjects are directed at business employees who might have real and fake ‘meetings’ or ‘business requests’ mixed in their inboxes.

To read the full article, head over to: https://atlasvpn.com/blog/study-almost-70-of-email-scammers-leave-the-subject-line-empty
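The figures above translate directly into a mail-triage rule: an empty or missing Subject header is the single strongest signal in the study, and a short list of generic lure subjects covers most of the rest. The block below is an added example written for this post, not Atlas VPN’s code or tooling. It parses a few constructed RFC 5322 messages, scores each one on its Subject line alone, and returns the ones worth a second look. The regexes, weights and threshold are my own assumptions; in practice this score would be one feature among many (sender reputation, link targets, attachment type), not a verdict on its own.

```python
import re
from email import policy
from email.parser import BytesParser

# Lure subjects named in the Atlas VPN figures above. The patterns and weights
# are a hypothetical scoring scheme for this example, not Atlas VPN's.
LURE_PATTERNS = [
    (re.compile(r"^fax delivery report$"), 0.4),
    (re.compile(r"^business proposal request$"), 0.4),
    (re.compile(r"^you have \(\d+\*?\) new voice messages?$"), 0.5),
    (re.compile(r"^(re:\s*)?request$"), 0.3),  # covers both "Request" and "Re: Request"
    (re.compile(r"^meeting$"), 0.3),
]
EMPTY_SUBJECT_SCORE = 0.6  # strongest single signal in the study: ~67% of malicious mail


def normalize_subject(subject: str) -> str:
    """Lower-case and collapse whitespace so trivial variations still match."""
    return " ".join(subject.lower().split())


def subject_risk(raw_message: bytes) -> tuple[float, list[str]]:
    """Score one message in [0, 1] from its Subject header only; returns (score, reasons)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    subject = str(msg["Subject"] or "").strip()  # None when the header is absent entirely
    if not subject:
        return EMPTY_SUBJECT_SCORE, ["subject header empty or missing"]
    key = normalize_subject(subject)
    for pattern, weight in LURE_PATTERNS:
        if pattern.match(key):
            return min(weight, 1.0), [f"matches known lure subject pattern: {subject!r}"]
    return 0.0, []


def triage(messages: dict[str, bytes], threshold: float = 0.3) -> list[tuple[str, float, list[str]]]:
    """Score every message and return those at or above the threshold, highest score first."""
    flagged = []
    for name, raw in messages.items():
        score, reasons = subject_risk(raw)
        if score >= threshold:
            flagged.append((name, score, reasons))
    return sorted(flagged, key=lambda item: item[1], reverse=True)


# Constructed sample messages (not real mail); addresses use the reserved .invalid TLD.
SAMPLES = {
    "no-subject": b"From: billing@example.invalid\r\nTo: you@example.invalid\r\n\r\nSee attached.\r\n",
    "blank-subject": b"From: a@example.invalid\r\nSubject:   \r\nTo: you@example.invalid\r\n\r\nHi\r\n",
    "voicemail": (b"From: pbx@example.invalid\r\nSubject: You have (1*) New Voice Message\r\n"
                  b"To: you@example.invalid\r\n\r\nListen now.\r\n"),
    "re-request": b"From: b@example.invalid\r\nSubject: Re: Request\r\nTo: you@example.invalid\r\n\r\nPing\r\n",
    "benign": (b"From: c@example.invalid\r\nSubject: Q3 roadmap review notes\r\n"
               b"To: you@example.invalid\r\n\r\nNotes attached.\r\n"),
}

if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLES):
        print(f"{name:14s} {score:.2f}  {'; '.join(reasons)}")
```

Parsing with the standard library’s `email` module rather than grepping the raw bytes matters here: it decodes RFC 2047-encoded subjects and treats a header that is present but blank the same as one that is missing, which is exactly the case the study says to watch for.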

Website Retailers Selling Domains Meant For Illicit Goods And Services: Digital Citizens Alliance

Posted in Commentary with tags on June 21, 2022 by itnerd

Domain names geared to offer illicit goods and services – from illegally purchased guns to opioids to Covid vaccine cards – remain easy to acquire from leading registrars and domain brokers, a Digital Citizens Alliance investigation has found.

The findings of the “Peddling for Profit” report are troubling and show that, despite warnings, little has been done to prevent the sale of website domains designed for illegal activity. Just last year, Digital Citizens investigators raised alarms about the ease with which registrars and domain brokers enabled the creation of websites designed to profit from illegal and/or illicit activities.

Little stands in the way of bad actors being able to create websites – such as buyillegalassaultweapons.co – designed for illegal activity.

When Digital Citizens sought sketchy domains such as covidvaccinecardsforsale.net, brokers that help acquire previously registered names asked no questions even when investigators informed the broker of the intent to “market to the unvaccinated who want Covid cards.”

A decade after the opioid crisis went from bad to catastrophic, domains offering the drugs – without a prescription – are easily attainable. Digital Citizens registered buyopioidswithoutrx.biz. And while many Americans are victimized by ransomware or other cyberattacks, registrars make it easy to acquire domains such as Malwareforsale.com.

Americans are looking for these website retailers to step up. Eighty-two percent of Americans said that they want companies selling tech services to business websites to regularly verify the identity of the company operators, according to a YouGov survey commissioned by Digital Citizens. In addition, 54 percent reported that if companies met these obligations, they would protect consumers from scammers, hackers, and thieves.

To read the Peddling for Profit report, go to:
https://www.digitalcitizensalliance.org/clientuploads/directory/Reports/DCA-Peddling-For-Profit.pdf

To view the YouGov polling, please visit the appendix of the report.

Cloudflare Tanks For Several Hours Taking A Whole Lot Of Websites And Apps With It

Posted in Commentary with tags on June 21, 2022 by itnerd

Web domains and apps failed to connect this morning due to an outage at content delivery network provider Cloudflare. This impacted tens of thousands of users of said websites and apps. But to the company’s credit, they identified the problem and fixed it in a few hours based on this. But the outage still caused chaos because when Cloudflare goes down, the entire Internet feels it.

Having said that, things should be back to normal. Unless perhaps you’re an Office365 user.

UPDATE: The issue was caused by a network configuration error according to Cloudflare.

Microsoft Office365 Appears To Be Having Issues

Posted in Commentary with tags on June 21, 2022 by itnerd

Are you having trouble with Microsoft Office365 this morning? If so, you’re not alone as it appears to be having issues. Users have been reporting the following:

  • Being asked to relogin to their accounts
  • Emails stuck in queues and not getting delivered
  • Not being able to access their Exchange Online mailboxes via any connection method they tried.

Microsoft seems to have admitted that there’s a problem.

I’ve done some testing with a couple of Office365 accounts and I only have issues with one of them. So this is a thing quite clearly. I’ll be keeping an eye on this as this is possibly going to impact a large number of people.

Leaked Audio From TikTok Shows That US Data Has Been Accessed From China

Posted in Commentary with tags on June 20, 2022 by itnerd

TikTok for a very long time has been saying that data on US users is stored in the US and the Chinese have no access to it. It now turns out that this may not be true as Buzzfeed has blown the lid off of this talking point from TikTok with leaked audio that seems to confirm that the Chinese do have access to data on US users:

The recordings, which were reviewed by BuzzFeed News, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022, at the very least. Despite a TikTok executive’s sworn testimony in an October 2021 Senate hearing that a “world-renowned, US-based security team” decides who gets access to this data, nine statements by eight different employees describe situations where US employees had to turn to their colleagues in China to determine how US user data was flowing. US staff did not have permission or knowledge of how to access the data on their own, according to the tapes.

“Everything is seen in China,” said a member of TikTok’s Trust and Safety department in a September 2021 meeting. In another September meeting, a director referred to one Beijing-based engineer as a “Master Admin” who “has access to everything.” (While many employees introduced themselves by name and title in the recordings, BuzzFeed News is not naming anyone to protect their privacy.)

This is a huge problem for TikTok. Starting with the fact that TikTok appears to have lied in a Senate hearing. And that these recordings paint a very different picture than the one that TikTok wants you to see. While TikTok continues to argue that the data resides in the US which means you shouldn’t worry, that’s meaningless as data can be accessed from anywhere. Which means that the Chinese government can go after anyone they choose. Hopefully this gets the attention of lawmakers and said lawmakers drag TikTok in front of them to explain this in detail, or face extinction. Because this is not cool.

Oh, and if you use the TikTok app, you might want to reconsider your use of that app based on this.