The IT Nerd

PhishLabs by HelpSystems has identified attackers leveraging a weakness in Google’s ad service to carry out phishing campaigns on U.S. and Canadian Financial Institutions. This weakness abuses the fact that the URL shown in Google Ads is not the linked site but rather the final destination, including redirects. By leveraging conditional redirects, the attackers create ads that appear legitimate but will redirect to hostile sites.

In these attacks, both ad text and link hovering falsely state the user will be redirected to the targeted organization’s legitimate site. When the user clicks on the ad, they are routed through multiple redirects before landing on a phishing page. 

Legitimate click tracking redirects begin at Google Ads and are routed through numerous click trackers before landing at their desired destination. Google Ads display the user’s final landing page due to client preference that the ad link not display the click tracker. In these attacks, threat actors create their own redirects, which they set up to lead to the legitimate site. 

When Google traces the redirects, they see the appropriate site and will have the Ad display the legitimate URL. Threat actors then configure the redirect to use certain criteria such as geo location to direct certain users to a phishing site. These campaigns are potentially utilizing other obfuscation techniques to evade detection by Google, as well.

In the example below, attackers have incorporated a redirect that is not only malicious, but also contains logic that will hide its true destination. When Google attempts to determine where the user will land, they see a legitimate credit union site. As a result, they will only display the credit union URL. If the end user clicks on the ad, they will instead land on a different site that is malicious. In this case, the redirect would only display the phishing site if the user IP was based in Minnesota. 

Stacy Shelley, VP of marketing for email security and digital risk protection at PhishLabs by HelpSystems, says:

“It used to be the case that when you hover over a Google Ad, you would see a Google tracking link, and that made it very easy to abuse. So, Google started processing all the redirects until it gets to the final landing page. If the page is legit, the ad will be published with the final landing page as the hover link (no redirects displayed).

“What we’re seeing indicates there are weaknesses in that process that threat actors are exploiting. They use conditional geolocation logic to present the legitimate landing page when Google scans their ad. Google publishes the ad and displays the legit landing URL on hover. As a result, you get a more convincing ad experience (no odd URL) that still redirects targeted victims to a malicious site.”

PhishLabs Actions 

PhishLabs has technology in place to monitor Google Ads for malicious content targeting its client base. With the recent change in behavior, the company is in the process of enhancing detection capabilities for these threats. 

PhishLabs is actively working with Google and providing information on the behavior observed to reduce the prevalence of these threats and sharing live threat examples as they are detected. Google is also working on implementing preventative measures. 

Thanks to PhishLabs By HelpSystems for supplying me with all of this information so that I could present it to you.

HelpSystems announced today the acquisition of Outflank, a well-regarded IT security leader with deep expertise in adversary simulation; specialist cyber security trainings; and a unique cloud-based software offering for red teams, Outflank Security Tooling (OST). Based in Amsterdam, the team of experts works with prominent financial institutions, multinational firms and other parties that require the highest level of security by employing ethical hacking methods that closely mimic those of real cyber criminals. The business joins the HelpSystems Offensive Security portfolio of vulnerability management, penetration testing, and red teaming/adversary simulation solutions to help customers evaluate and prevent risk from many angles.

Many organizations seek advanced security assessments in the form of red teaming operations, yet few have the internal resources to carry out this critical task effectively. Some red teamers develop their own tools or look to niche, open-source options to undertake engagements. Outflank provides consulting, trainings, and a SaaS-based software toolkit that allows stringently vetted organizations to evaluate their defenses in light of today’s high-stakes security environment. In fact, the company developed its flagship Outflank Security Tooling solution to work in tandem with HelpSystems’ Cobalt Strike for a robust approach to adversary simulation.

HelpSystems is a software and services company focused on helping exceptional organizations secure and automate their operations. Their cybersecurity and automation solutions protect information and simplify IT processes to give our customers peace of mind. They know security and IT transformation is a journey, not a destination. Let’s move forward. Learn more at helpsystems.com.

Outflank is a highly specialized IT security company. All team members are seasoned professionals with many years’ experience in security testing and red teaming. The team has performed hundreds of security tests and red teaming engagements and trained nearly 1,000 IT and security professionals.  Their strong offensive experience is complemented with deep expertise in IT security defense. Outflank’s OST product is the market’s first solution offering a full spectrum toolset that supports other red teams in their critical jobs of testing security and organization’s resilience to advanced adversary simulations. The team recognizes the vital role of the infosec community and supports this by regularly sharing highly technical research from their specialists, but also advancing the development of the red team framework TIBER.

Agari by HelpSystems and PhishLabs by HelpSystems have released the results of their latest Quarterly Threat Trends & Intelligence Report.

In Q2, Agari and PhishLabs analyzed hundreds of thousands of phishing and social media attacks targeting enterprises, their employees, and brands. This report uses the data from those attacks to present key trends shaping the threat landscape.

Key highlights include:

• Phishing is Steadily on the Rise: Phishing attacks are up nearly 6% in Q2 from Q1 2022
• Social Media is an Accessible and Preferred Threat Channel: Social media attacks have increased more than 100% in a year
• Response-Based Phishing Continues to Climb: Response-Based threats targeting corporate inboxes reached the highest volume since 2020
• Emotet Leads Ransomware Payloads: Emotet has fully recovered, representing nearly 50% of all malware payload attacks in Q2
• Hybrid Vishing Attack Volume Trending Up:Hybrid Vishing attacks have increased 625% in volume since Q1 2021
• O365 Credentials Coveted by Criminals: Nearly 60% of credential theft phishing attacks targeted O365 credentials in Q2

You can read the report here.

 Core Security by HelpSystems, a leading provider of cyber threat solutions, today announced the addition of ransomware simulation to its penetration testing solution, Core Impact. Using an automated Rapid Pen Test, Core Impact users can now efficiently simulate a ransomware attack. 

An Increased Need to Prepare for Ransomware Attacks 

According to the 2022 Penetration Testing Report, ransomware is one of the top concerns for cybersecurity professionals. Also, a PhishLabs by HelpSystems report shows ransomware is booming, growing more than 100% year-over-year. The cost of ransomware attacks is also on the rise; the average ransom demand alone was $220,298 in 2021, with the recovery cost much steeper, averaging $1.8 million.

When employees open infected email attachments or click on malicious websites, they can inadvertently trigger a ransomware attack. With unwitting employees serving as one of the most common attack vectors, ransomware can be particularly difficult to avoid. 

For an in-depth demo of Core Impact and to see the ransomware simulation in action, visit: https://www.coresecurity.com/products/core-impact/demo-watch or visit: https://www.coresecurity.com/blog/core-impact-introduces-ransomware-simulation to learn more.

HelpSystems held their annual Cybersecurity week on May 17-19

May 17-19), the company will hold “Cybersecurity Week 2022”, a 3-day event covering:

• Expert insights on the cybersecurity and the threat landscape  
• Today’s most pressing cybersecurity threats  
• Up-to-date cybersecurity trends and best practices  
• Data compliance regulations  
• Education on HelpSystems’ modular cybersecurity solutions 

And what’s even better is that if you missed this, HelpSystems has made the session recordings freely available for anyone to check out. You can see them here, and I have to applaud HelpSystems for making them available. When it comes to improving your cybersecurity game, knowledge is power. And these videos which are between 20 and 40 minutes in length are really good at increasing your knowledge. The speakers are engaging and knowledgeable. I guarantee that you will get something out of these sessions. I viewed a couple of these last night and I’ll be going through the rest over the weekend. If you’re responsible for cybersecurity in your organization, you should set aside some time and have a look at these videos as well.

HelpSystems announced today the acquisition of Terranova Security, a leader in global phishing simulation and security awareness training. Available in more than 40 languages, Terranova Security’s platform and content incorporates gamification techniques to increase engagement and knowledge retention. This approach enables all organizations to hone employee cyberattack prevention skills and reduce the chance of a successful phishing attack. Terranova Security extends HelpSystems’ overall security suite with a proven training security awareness solution that complements email security offerings from Clearswift, Agari, and PhishLabs.

Because employees are often the first line of defense against cyberattack, Terranova Security’s training and simulation capabilities are at the top of many cybersecurity to-do lists for highly targeted organizations. Terranova Security works with customers to take a holistic look at suspicious emails and evaluate how effective users are at recognizing scams and whether they need additional training. The company strives to instill users with the knowledge, skills, and confidence they need to recognize cyber threats, from phishing emails to credential harvesting webpages and other forms of social engineering. 

Although phishing attacks aren’t new, the industry has seen a marked rise in their prevalence in the wake of expanding remote workforces with increasingly sophisticated and bold attempts. In addition to phishing and the more targeted spear phishing campaigns, these aggressive efforts to infiltrate businesses can take the forms of social engineering, business email compromise, and ransomware that paralyzes entire networks. 

HelpSystems is a software company focused on helping exceptional organizations secure and automate their operations. Their cybersecurity and automation software protects information and simplifies security and IT processes to give our customers peace of mind. They know security and IT transformation is a journey, not a destination. Let’s move forward. Learn more at helpsystems.com. 

Terranova Security is the global security awareness training partner of choice that has been transforming the world’s end users into cyber heroes for more than 20 years. Using a proven pedagogical framework, Terranova Security training solutions empower organizations worldwide to implement programs that change user behaviors, reduce the human risk factor, and counter cyber threats effectively. As a result, any employee can better understand phishing, social engineering, data privacy, compliance, and other critical best practices. With the addition of new features like its Content Center and Cyber Hero Score, Terranova Security consistently innovates to support all organizations’ cyber security objectives. These industry-leading solution additions also strengthen long-term information security for all professionals, regardless of region or sector, in an era where remote work and borderless productivity are standard. Learn more at terranovasecurity.com.

HelpSystems announced today it has signed a merger agreement to acquire Alert Logic, a well-known leader in managed detection and response (MDR) services. Alert Logic works as a seamless extension of security teams, augmenting existing cybersecurity resources and technology to safeguard on-premise, cloud, SaaS, and hybrid infrastructures. The company’s MDR solution focuses on alleviating the intense pressure organizations face due to the increase in cyberattacks and the notable shortage of skilled professionals available to prevent and remediate them. Alert Logic will become a cornerstone of HelpSystems’ comprehensive cybersecurity portfolio.

Businesses of all sizes look to Alert Logic to establish a hybrid IT approach to meeting their cybersecurity goals and applicable compliance mandates. Alert Logic is the industry leader in MDR for cloud environments, with more than 4,000 customers and an extensive partner ecosystem around the globe. Its comprehensive coverage paired with human oversight enables organizations to meet key regulatory requirements, including PCI DSS, HIPAA HITECH, GDPR, Sarbanes-Oxley (SOX), SOC 2, NIST 800-171 and 800-53, ISO 27001, COBIT, and more.

Guggenheim Securities, LLC advised Alert Logic on the sale transaction; Kirkland & Ellis served as legal advisor.

HelpSystems, a cybersecurity and automation software company, today announced the findings from its eighth annual IBM i Marketplace Survey. The survey provides a close look at how organizations use the IBM i platform and the IT initiatives it supports. It reveals the trends shaping and driving the market and provides insight into what the future may bring for this technology.

Key Findings

• In addition to cybersecurity, other top concerns include high availability/disaster recovery (59%) and modernizing applications (56%).
• 24% of respondents do not adhere to any compliance mandates.
  • The biggest increase is those adhering to HIPAA regulations (21%).
• Remote operations brought new challenges including security concerns with remote access (46%) and supporting employees working from home (42%).
  • Many organizations are making changes to better support remote operations such as automating manual processes (38%), leveraging IBM i Access Client Solutions (34%), and implementing layered security around VPN access (32%).  
• RPG usage has soared to 93%.
• 73% of respondents are considering upgrading to Power10.
• A new finding this year was a 33% increase in IT and business automation.

Aside from year-over-year trends and data points, the report findings also answer the following questions: 

• Are more organizations adopting IBM i in the cloud? 
• Are shops expanding their IBM i usage? 
• How does IBM i’s ROI compare to other servers?
• Are IBM i customers staying current on the latest OS levels?

Methodology and Demographics

This survey represents the viewpoints of IBM i professionals from around the globe across multiple industries and regions. This diverse sampling spans variability in budgets, company size, server size, operating system versions, and experience levels to give a representative and diverse look at the worldwide IBM i market. Manufacturing reclaimed the top seat as the main industry of our respondents this year, with an increase of four points to 18%. 

This year saw a trend upward in responses from smaller organizations (less than 500 employees). 50% of respondents work for an organization with fewer than 499 employees, an increase of 4 points from the previous year. This correlates with smaller manufacturers running IBM i. In terms of the job titles of respondents, they largely remained the same with small, 2-point increases from administrators and director/VP titles. 

To learn more about how IBM i shops are using the platform and what the future of IBM i looks like, sign up for the accompanying webinar, taking place today at 10AM EST: https://www.helpsystems.com/resources/webinars/2022-ibm-i-marketplace-survey-results-revealed.

To access the complete 2022 IBM i Marketplace Survey results, visit: https://www.helpsystems.com/resources/guides/ibm-i-marketplace-survey-results

Well, it’s been quite the year on the cybersecurity front. And to be frank, with threats like Log4Shell, that’s likely to make 2022 quite the year as well. To get more detail on what that might look like, here’s three predictions from HelpSystems that make for some interesting reading.

Joe Vest, Tech Director – Cobalt Strike by HelpSystems

“The prevalent cybersecurity testing model that I call, ‘find the bad, fix the bad,’ will continue to dominate in 2022, and many organizations will remain steps behind the threat. If we could patch our way out of this problem, we would’ve solved security many years ago. Unfortunately, much of the advice and testing models keeps us steps behind the threat. There’s a great deal of time, money and energy spent designing and operation a security operations program. By only concentrating on fixing flaws, we just measure our ability to prevent – and 100% prevention is unrealistic. The motto, ‘prevent first, detect always,’ must be adopted as a core preset for secure security operations programs. Remember, the goal of security is not to stop a hack. The goal is to prevent, detect and respond to a threat actor before they successfully achieve their goal. It’s time we pushed back on the threat and moved beyond fixing the flaws.”

Tom Huntington, Executive Vice President of Technical Solutions at HelpSystems

“There’s a shortage of IT staff in the cybersecurity industry. We know that CISOs and other cybersecurity professionals are really trying to staff up their team to help combat all the bad hackers around the globe. I’m thinking that as we roll through 2022 that one of the better practices would be to apply automation – things like robotic process automation, workload automation, enterprise scheduling – those kinds of practices should be used as we look at mundane, repetitive cybersecurity processes that we’re doing, and we may be able to augment the shortage in staff with a good set of automation products alongside of cybersecurity.”

“2022 is the year that C suite recognize that they are getting further and further behind on their security projects. They’ll start to turn to RPA (Robotic Process Automation) and enterprise automation to help their teams become more productive in the battle against the cybercriminals. If they cannot hire talent, automation allows them to augment this deficiency. This effort takes SOAR (security orchestration automation and response) to a new level.”

Brian Pick, Managing Director of Managed File Transfer – HelpSystems

“Organizations will continue to look closely at how to minimize any type of data breach. This includes a close examination of how they are exchanging data/files with third parties. For example, we’re seeing a lot of inquiries that relate to organizations taking a closer look at any processes that require someone to manually secure a file before it’s exchanged. This could include having a programmer write a script to transfer a file securely or someone using a PC application to encrypt the file first before sending it. Security personnel are looking for a consistent, reliable and auditable process for securely exchanging files that help prevent data.”

It will be interesting to see how their predictions play out in 2022 as I know that many will be keeping track.

HelpSystems, a cybersecurity and automation software company, today announced the launch of the HelpSystems Educational Partner Program. The program aims to facilitate cybersecurity learning and knowledge sharing by providing educators and cyber team captains with free licenses of HelpSystems’ solutions for use in their studies.

Using products like Core Security’s Core Impact, U.S.-based colleges and universities offering cybersecurity programs can teach and train students on penetration testing and other cybersecurity concepts with leading tools from the professional world. The HelpSystems Educational Partner Program is free for higher educational institutions that meet program requirements.

Partner Qualification 

Institutions interested in using HelpSystems products must provide documentation to be considered for eligibility. Applicants must provide proof of affiliation with an educational institution or event, such as a college course, workshop, or conference. A submitted description of where and how the tool will be used is also required (e.g., a class description or syllabus indicating that Core Impact will be used to fulfill classroom objectives or description of an event or cybersecurity team challenge using Core Impact for pre-event training or usage during the event).

For more information about the HelpSystems Educational Partner Program, visit: https://www.coresecurity.com/about/partners/educational-partners.