The IT Nerd

Later this month, the Biden administration will bring together 30 countries to discuss and address the threat of ransomware attacks. According to a statement, the meeting will “accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically.”

Security experts at vulnerability management and threat assessment Digital Defense by HelpSystems say, “Ransomware is one of the most popular tools of both amateur and expert threat actors. Just about anyone can purchase a ransomware strain off the dark web or can have the work done for them with ransomware-as-a-service (RAAS). And with the advent of cryptocurrency like Bitcoin, attackers can be nearly impossible to trace.”

Aside from the recent series of ransomware attacks on several U.S. critical infrastructure companies, including the Colonial Pipeline, threat actors and cybercriminal organizations also demonstrated how quickly they can adapt during the Coronavirus pandemic. Taking advantage of the transition to remote work and general upheaval, ransomware attacks spiked in the first months. Phishing efforts increased dramatically, with Google reporting that they were blocking 18 million phishing emails a day that contained the keyword “COVID-19,” in addition to 240 million emails with the simplified term “COVID”.

But what can be done to reduce ransomware risk?

Digital Defense experts say, “While the outlook may seem bleak, there are plenty of options to help safeguard your organization. First, we must all have realistic expectations—ransomware breaches are no longer fully preventable.  Instead, the goal is to put as many barriers in place between an attacker and an organization’s critical, sensitive data.

• Running vulnerability scans and regularly penetration testing your environment helps find new vectors before an attacker does, minimizing risk. These proactive measures uncover potential vulnerabilities that an attacker may use to move laterally within a breached system or escalate their privileges.
• Social engineering pen testing can uncover who is susceptible to these attacks by launching phishing simulation campaigns. From there, additional training can be provided to teach your employees how to be more vigilant before clicking another suspicious email.
• Finally, it is critical to be able to detect ransomware breaches as quickly as possible, to minimize damage or thwart attackers completely. Threat detection tools like network traffic analysis (NTA) work to monitor your network for malicious activity, alerting your security team the moment an active infection is uncovered.
• You can also enhance your endpoint protection technologies with active threat scans. After a breach is caught, there’s no time to sigh with relief, as it’s important to investigate the cause and assess the state of the environment to ensure that there won’t be a repeat attack.

Ultimately, it’s tempting to want to throw up your hands as the ongoing threat of ransomware looms large, but constant vigilance is a long-term strategy to combat this ongoing problem.”

Digital Defense, by HelpSystems, a leader in vulnerability management and threat assessment solutions, today announced that it has entered into a managed service provider (MSP) agreement with data security specialist Private Protocol.

Headquartered in South Africa, with offices in the United Kingdom and Mauritius, Private Protocol offers data protection and IT security solutions that prevent data leakage and improve overall data security. The partnership will allow Private Protocol to expand its cybersecurity portfolio by offering and implementing Digital Defense’s Frontline vulnerability management and threat assessment solutions, taking the company from a data and access security solutions provider to a complete IT security company with an expanded security product line. Partnering with Private Protocol allows Digital Defense to further expand its international reach into the UK and South Africa regions, helping companies of all sizes better protect their data and IT infrastructure from cyberattacks.

The Digital Defense MSP Partner Program, along with Digital Defense’s cloud-native SaaS platform, Frontline.Cloud, creates actionable opportunities for MSP, MSSP (managed security service providers) and MDR (managed detection and response) partners to help more clients in the rapidly growing cybersecurity market.

For more information about Digital Defense’s partner programs or to become a partner, visit: https://www.digitaldefense.com/partners/.

HelpSystems announced today the acquisition of Digital Defense, a leader in vulnerability management and threat assessment solutions. Digital Defense’s cloud-native vulnerability scanning engine gives organizations in healthcare, legal, financial services, and other industries the ability to proactively detect infrastructure security gaps and take effective remediation steps to safeguard against internal and external cyberthreats. As part of HelpSystems’ cybersecurity portfolio, Digital Defense joins Core Security and Cobalt Strike to establish a comprehensive, best-in-class security assessment toolkit. 

The Digital Defense platforms encompass enterprise security needs across penetration testing, employee training, cybersecurity defense, enterprise risk assessment, and physical security testing. The vulnerability scanning engine is noteworthy for its ability to enable pen-testers to focus their efforts on identified issues rather than blindly testing the network. For companies that lack the internal bandwidth or expertise necessary to carry out this critical function, Digital Defense’s team of US-based pen testers is a trusted resource to conduct the tests. 

KPMG Corporate Finance LLC (“KPMG CF”) acted as exclusive investment banking advisor to Digital Defense, and Norton Rose Fulbright was the exclusive legal advisor to Digital Defense. 

HelpSystems is a software company focused on helping exceptional organizations Build a Better IT™. Their cybersecurity and automation software simplifies critical IT processes to give customers peace of mind. They know IT transformation is a journey, not a destination. Learn more at www.helpsystems.com. 

Digital Defense, Inc., a leader in vulnerability management and threat assessment solutions, today announced the integration of its Frontline Vulnerability Manager™ (Frontline VM™) proprietary scanning technology, part of its Frontline.Cloud™ cloud-native software as a service (SaaS) platform, with the LogRhythm NextGen SIEM Platform. The combined solution improves threat detection and response through risk-based prioritization and remediation that can be leveraged by any size organization or as part of a comprehensive managed services offering for managed security providers (MSPs) and managed service security providers (MSSPs).

As security information and event management (SIEM) becomes the basis for security operations center (SOC) platforms, integrating vulnerability management and risk posture information helps security teams understand which systems are most severely impacted by threats and provide needed context for security teams to remediate systems. As a member of the LogRhythm Technology Alliance Partner (TAP) Program, Digital Defense enables clients, MSPs and MSSPs to leverage vulnerability and threat assessment data from Frontline.Cloud that is ingested and correlated by the LogRhythm Platform to assess the risk posture of systems and leverage that data to prioritize threat investigations and remediation efforts.

The integration supports on-premises, hybrid-cloud and multi-tenant environments to provide the following benefits:

• Frontline.Cloud feeds real-time asset information and context into the LogRhythm NextGen SIEM Platform, including deduplication of assets such as virtual, cloud and mobile infrastructures that are dynamic in nature.
• In a dedicated dashboard within the LogRhythm Platform, Frontline.Cloud provides customized vulnerability risk and threat posture and prioritization based on business criticality for each asset.
• The LogRhythm Platform can provide better prioritization, real-time asset context and risk posture customized for client environments with the goal of empowering security teams to accelerate attack remediation efforts.

The Frontline.Cloud and LogRhythm integration is currently in use by Avertium, a managed security and consulting provider that delivers secure, comprehensive digital solutions, including extended detection and response (XDR).

For more information about the Digital Defense Frontline Vulnerability Manager and LogRhythm SIEM integration, visit: https://www.digitaldefense.com/technology/frontline-vm-integration-logrhythm-siem/.

For a complete list of Digital Defense’s technology integrations, visit: https://www.digitaldefense.com/partners/technology/.

Digital Defense, Inc., a leader in vulnerability management and threat assessment solutions, is now integrated with Palo Alto Networks Cortex XSOAR (previously Demisto), the industry’s first extended security orchestration, automation and response platform with native threat intel management that empowers security leaders with instant capabilities against threats across their entire enterprise.

Through this integration, Digital Defense Frontline.Cloud and Cortex XSOAR deliver the ability to:

1. Assess a set of assets within a network segment or specific domain as either under attack or at high-risk of being compromised.
2. Develop a playbook, based on either risk score or threat level, for identifying the assets in question and quarantining that segment to prevent the spread of infection and give administrators the time needed to take remediation steps.

Digital Defense Frontline.Cloud can leverage the power of Palo Alto Networks Cortex XSOAR – combined with its own unique real-time profiling, assessment of vulnerable assets and threat scanning – to provide customers a way to take immediate action, prevent the spread of advanced threats and mitigate the possibility of a successful breach.

Cortex XSOAR is an extended security orchestration, automation and response platform that unifies case management, automation, real-time collaboration and threat intel management to transform every stage of the incident lifecycle. Teams can manage alerts across all sources, standardize processes with playbooks, take action on threat intel and automate response for any security use case – resulting in significantly faster responses that require less manual review.

Digital Defense, Inc., a leader in vulnerability management and threat assessment solutions, today announced its membership in the Micrcosoft Intelligent Security Association(MISA) and technology integration between its Frontline Active Threat Sweep (Frontline ATS) and Microsoft Defender for Endpoint. The combined solution increases Microsoft Defender for Endpoint’s proven security coverage and efficacy beyond other endpoint detection and response solutions, offering comprehensive endpoint protection for joint clients.

MISA is an ecosystem of independent software vendors and managed security service providers that integrate their security products and solutions with Microsoft’s to better defend against a world of increasingly sophisticated, fast-moving threats.

Frontline ATS complements Defender for Endpoint capabilities by identifying passive or dormant attacks that leverage dwell time to evade traditional security monitoring solutions. As a result, users no longer have to wait for an indicator of compromise to determine that their systems are infected. With the combined capabilities, customers have one of the most proactive solutions for identifying compromised systems and enabling security teams to be even more proactive in preventing breaches.

Additional joint solution benefits include:

• Better visibility and early detection of passive and active threats.
• Enhanced threat detection by combining targeted active threat scanning with AI-based behavioral anomaly detection, malware signature and file analysis.
• Rooting out of small passive attack artifacts that are extremely difficult to find and planted by attackers for infecting or even re-infecting assets.
• Identification of out-of-date or disabled endpoint protections to quickly flag at-risk devices and prioritize investigation and remediation.
• Immediate clean-up of infections before patching efforts can be implemented.
• Proactive analysis of assets for indications of a malware infection before other agent-based security tools can be deployed.

For more information about the Digital Defense Frontline Active Threat Sweep and Microsoft Defender for Endpoint integration, visit: https://www.digitaldefense.com/partners/technology/frontline-ats-microsoft-defender-for-endpoint/ or the Microsoft AppSource: https://appsource.microsoft.com/en-us/product/web-apps/digitaldefenseinc.ddi-frontline-ats-1-defender-atp?tab=Overview.

Digital Defense, Inc., a leader in vulnerability management and threat assessment solutions, today announced it will match all donations up to $5,000 to the PenFed Foundation, Dec. 10 – Dec. 15, as part of a social media campaign in support of the military community. The donations will be used by the PenFed Foundation to provide members of the military community with emergency financial assistance, help veterans achieve the dream of home ownership and support investments in veteran entrepreneurs.

The PenFed Foundation, a national 501(c)3 founded by PenFed Credit Union, was created in 2001 and, since then, has provided more than $38.5 million in financial support to veterans, active-duty service members, families and caregivers.

In March 2020, PenFed Foundation became the first national Veterans Service Organization (VSO) to launch a COVID-19 relief program providing emergency financial assistance for veterans and service members. To date, over 1,100 military families have been helped with COVID-19 emergency financial relief since March 17.

About PenFed Foundation

Founded in 2001, the PenFed Foundation is a national nonprofit organization committed to empowering military service members, veterans and their communities with the skills and resources to realize financial stability and opportunity. It provides service members, veterans, their families and support networks with the skills and resources they need to improve their lives through programs on financial education, homeownership, veteran entrepreneurship and short-term assistance. Affiliated with PenFed Credit Union, the Foundation has the resources to effectively reach military communities across the nation, build strong partnerships, and engage a dedicated corps of volunteers in its mission. The credit union funds the Foundation’s personnel and most operational costs, demonstrating its strong commitment to the programs the Foundation provides. Equal Housing Opportunity. To learn more, visit www.penfedfoundation.org.

Digital Defense, Inc., a leader in vulnerability management and threat assessment solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

These devices are commonly available on consumer websites/ecommerce sites such as Amazon, Best Buy, Office Depot and Walmart. Given the rise in work-from-home due to the pandemic, more employees may be connecting to corporate networks using one of the affected devices.

The vulnerable component of these devices is accessible without authentication. From both WAN and LAN interfaces, this vulnerability could be exploited over the Internet. Consequently, a remote, unauthenticated attacker with access to the router’s web interface could execute arbitrary commands as root, effectively gaining complete control of the router. With this access, an attacker could intercept and/or modify traffic, cause denial of service conditions and launch further attacks on other assets. D-Link routers can connect up to 15 other devices simultaneously.

D-Link is a global leader in designing and developing networking and connectivity products for consumers, small businesses, medium to large-sized enterprises and service providers. Since 1986, the company has grown into an award-winning global brand with over 2,000 employees in 60 countries. D-Link’s line of VPN routers enable remote workers to connect securely to company resources.

What You Can Do

D-Link’s recent advisory provides more details about the updates that have been released, which should be applied: https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10195​. For additional information, customers should contact D-Link directly.

Digital Defense Research Methodology and Practices

The Digital Defense VRT regularly works with organizations promoting the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and assists, where possible, with the vendor’s remediation actions.

To view Digital Defense’s zero-day advisories to date, please visit: https://www.digitaldefense.com/vulnerability-research-team/vulnerability-research/.

Digital Defense, Inc., a leader in vulnerability and threat management solutions, today announced that its Vulnerability Research Team (VRT) uncovered a previously undisclosed vulnerability affecting the cPanel & WebHost Manager (WHM) web hosting platform. cPanel &WHM version 11.90.0.5 (90.0 Build 5) exhibits a two-factor authentication bypass flaw, vulnerable to brute force attack, resulting in a scenario where an attacker with knowledge of or access to valid credentials could bypass two-factor authentication protections on an account. Digital Defense’s internal testing demonstrated that an attack can be accomplished in minutes.

cPanel & WHM is a suite of tools built for Linux OS that allows hosting providers and users the ability to automate server management and web hosting tasks while simplifying the process of website hosting for the end user. Serving the global hosting community for over 20 years, cPanel touts having over 70 million domains launched on servers using cPanel & WHM to date.

What You Can Do

cPanel’s recent advisory provides more details about the updates that have been released, which should be applied: https://news.cpanel.com/cpanel-tsr-2020-0007-full-disclosure/. For additional information, customers should contact cPanel directly.

Digital Defense Research Methodology and Practices

The Digital Defense VRT regularly works with organizations promoting the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next generation hybrid cloud platform, Frontline Vulnerability Manager, enables early detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and assists, where possible, with the vendor’s remediation actions.

To view Digital Defense’s zero-day advisories to date, please visit: https://www.digitaldefense.com/vulnerability-research-team/vulnerability-research/.

New pressures presented by the hastened digital transformation due to this year’s global pandemic have put banks, credit unions and other financial institutions of all sizes in the position of assessing and implementing new cloud technologies faster than they would prefer. Additionally, the speed with which they have had to stand up remote workers and deliver services to remote customers has introduced new areas of risk. Malicious actors have discovered this and pounced. The frequency of cyberattacks on financial institutions is relentless with alerts and warnings being issued constantly. According to recent reports, cybersecurity attacks targeting banks have surged 238% due in large part to COVID-19.

Digital Defense, Inc., provider of vulnerability and threat management solutions, recently ran peer comparison reports on its bank, credit union, and financial services clients to gain greater insight into industry-specific threats and threat and vulnerability preparedness across the financial sector.

The chart below provides the 12-month average Security GPAs** for internal and external scanning and compares 2020 scores with the same period in 2019. For additional context, the Security GPAs for banks, credit unions, and financial services firms were averaged to calculate an overall financial industry GPA for internal and external vulnerability scanning.

Report findings:

• Over the past 12 months, all financial verticals performed above the platform average Security GPA for both their internal (2.72 B-) and external (3.37 B+) vulnerability scanning and remediation efforts.
• The bank and credit union Security GPAs for external scanning indicate that these two groups have made headway improving their external security posture by prioritizing high-impact vulnerabilities that put their organizations most at risk. 
• On the other hand, the financial services vertical’s 2020 internal GPA (2.81 B-) is noticeably lower than 2019 (3.05 B+). Many variables can impact a decreased Security GPA, especially as we account for the extensive network changes in the financial industry over the past several months. Situations that could be contributing factors to the lower 2020 internal GPA for financial services include:
  • A large deployment of hardware, software, or operating systems triggered several high-level vulnerabilities that are not being addressed because organizations are going through a technology refresh.
  • New vulnerabilities discovered that are targeting applications specific to the financial services vertical.
  • Financial services customers may have a sizeable deployment of applications or operating systems that have recently reached end-of-life (EOL), triggering additional vulnerabilities.
• Most notable in this industry comparison is that most of Digital Defense’s financial clients’ year-over-year scores exceed platform averages, remain consistent and improve during a time of significant technology changes across the industry. The data indicates that financial organizations are prioritizing vulnerabilities that have the most impact on their security posture and are putting security first by acting on incidents identified through their vulnerability management program.

More info can be found here.