Bitdefender Threat Debrief | May 2022

by Business Insights, on 19.05.2022

MDR Insights: The MDR intelligence cell recognizes the threat posed by homograph domains used in phishing attacks. Our monitoring looks for homograph activity targeting the MDR customer base. Although most phishing attacks use common international domain names, attackers can still create homograph domains to target our customers. Additionally, we have seen business competitors purchase look-alike domains and redirect them to their own pages, so homographs also create business risk. Over the last quarter, ~5% of our typosquatting-focused intelligence alerts were actionable for our customers as a security or business risk.

Join Bitdefender at the 2022 RSA Conference

by Business Insights, on 16.05.2022

The RSA Conference is where the world comes together to talk cybersecurity. As one of the largest and best-known cybersecurity conferences, RSA brings together industry leaders and revolutionary thinkers for four days in San Francisco to gain knowledge, join in conversations about the latest advancements in cybersecurity and experience cutting-edge solutions that protect the world from emerging threats.

Looking for XDR in your MDR Partner | How XDR can improve MDR

by Business Insights, on 11.05.2022

Over the last two years, it has become clear that organizations, especially enterprises, need to elevate their detection and response capabilities. Environments look very different than they used to, and the risk to organizations has never been greater.

We Need To Stop Preparing For The Last War | ConnectWise CyberSEC 2022

by Business Insights, on 09.05.2022

It is the beginning of a new year, and the internet is full of articles reviewing the previous year in cybersecurity or predicting what to expect in 2022. Unsurprisingly, “ransomware” is one of the most popular topics—both when looking at the past and predicting what the future holds for us. 2021 was “the year of ransomware.” But so were 2017, 2018, 2019, and 2020—and 2022 will probably not be very different. Ransomware is no longer a problem discussed only in the cybersecurity and tech communities—it is now a regular occurrence in mainstream media headlines and executive board meetings.

So why is ransomware such a menace, and why can we not seem to get rid of it? One of the reasons is that we keep missing the continued evolution of ransomware—we keep preparing for the last war. Ransomware in 2022 is very different from ransomware in 2017, yet we still treat it the same way. We must understand how the threat landscape is changing to protect our organizations in the future. So, what is the most important transformation of modern ransomware?

Time for the heist!

The cybercrime ecosystem is driven by the same economic forces as regular markets. A new business concept or idea can quickly become the new standard, eventually replacing previous business practices. When Ransomware-as-a-Service (RaaS) appeared on the scene, it initially failed to change the cybercrime industry. The first experiments were based on a subscription model where affiliates paid a fee for access to ransomware infrastructure and tools, but everything else was up to them. It raised some concerns in the cybersecurity industry but did not really have a big impact on the way we protected our organizations from risk. The model changed, but the activities to prevent, detect and respond mostly remained the same.

The real deal was the introduction of the profit-sharing model. In this model, ransomware operators work with affiliates. Ransomware operators are responsible for developing the malware and running the infrastructure, focusing all their attention on running a platform for others. Affiliates are specialists in penetration testing and work in the field, gaining access to victims’ networks. After successful deployment, ransomware operators negotiate and collect the ransom and distribute their share to affiliates. If this reminds you of a heist movie, you are correct. It is a group of experts getting together to do a special job and escape with a large sum of money.

But the often overlooked, important factor to understand is the revenue-sharing ratio between these two partners. Modern ransomware revenue distribution favors affiliates, who often get around 80% of the total ransom. While ransomware operators usually get all the credit for a successful attack and lead negotiations, affiliates get the largest share of the profit. In the last few years, the power has shifted from those who control the ransomware code to those who control access to networks. When ransomware operators cannot increase their share of revenue without losing affiliates to competitors, they need to focus on maximizing the ransom payout. A rising tide lifts all boats, and increasing the total payout is fueling this whole profit-sharing scheme. Planning, execution, and exit all require care, but the payout can be in the tens of millions, as we have seen in the last few years.

New challenges bring new opportunities

To reach these astronomical ransoms (compared to an average ransom just a few years prior), threat actors are focused on maximizing pressure on their victims. They carefully stage their attack, first locating your backups, learning about your incident response strategy, your cyber insurance coverage, and anything else that could help them apply more pressure or increase the maximum potential ransom. Double, triple, or even quadruple extortion is now a common practice. Some groups, like Karakurt, do not even bother with encryption anymore and focus strictly on data exfiltration. Supply chain attacks are a hit because they act as a force multiplier.

There is a silver lining, though—while these attacks are much more devastating, they require more time to prepare. The time from the initial infection to the encryption of all files is no longer seconds or minutes, as it was with opportunistic ransomware—now it can be weeks or even months. In many ways, defense against modern ransomware is similar to protection against APT threats. Defense-in-depth (once again) is an effective strategy to combat this new generation of ransomware. Robust prevention security controls are a good foundation that needs to be complemented with detection and response tools. Separating noise from real alerts and keeping a low false-positive ratio is critical. When adversaries make a mistake (and they usually do), you need to detect it and respond before the full-scale attack can be launched.

Small and medium businesses are not safe from these attacks. Some affiliates specialize in targeting the SMB segment, often using different initial vectors than they use for enterprises. Ransom is based on revenue, and a small company with robust revenue is the perfect target. When choosing victims, threat actors can also increase the pressure by focusing on industries where downtime has serious implications for the business, for example, manufacturing. MSP, MDR, and other managed security services should be used to complement your own security teams.

Finally, global leaders, the private sector, and law enforcement agencies can disrupt the relationship between ransomware operators and affiliates. For example, releasing decryptors not only impacts the cash flow of ransomware groups, it is also very damaging to their reputation in the underground. Global threats should trigger a global response, as recently seen with Operation GoldDust—a global collaboration between 19 law enforcement agencies and the private sector that shut down REvil operations in 2021.

Ransomware still looms large

The year 2022 is going to be the year of ransomware again. And it will stay that way until we start paying attention to the latest trends on the other side of the front. If we keep building trenches while the enemy is already using airplanes, we will see $100+M ransoms soon. Learn more about what the future of cybersecurity holds for MSPs. This essay was released as part of an eBook that brings together a group of cybersecurity experts from different fields, companies, and backgrounds to give their predictions for what they see as the future of cybersecurity.

Join Bitdefender at CyberTech Europe 2022 | Exploring Best Practices in Cloud Security, Zero Trust, and More

by Business Insights, on 04.05.2022

The enterprise cybersecurity landscape has changed dramatically in recent years. The COVID-19 pandemic spurred a rapid, global shift to remote and hybrid work, accelerating digital transformation initiatives and the widespread adoption of cloud technologies. With the attack surface greatly expanded, cybercriminals ramped up their activities, and supply chain and ransomware threats surged during the past two years.

Cloudy With A Chance of A Security Breach: Why CWS and XDR Solutions Should Be On Your Radar

by Business Insights, on 02.05.2022

Security leaders are constantly looking to further mature their security organization and continuously build up their security department and tech stack. Identifying risk gaps and areas of exposure is essential for helping organizations stay proactive so they can better prepare for and protect themselves against new threats.

Bitdefender Threat Debrief | April 2022

by Business Insights, on 28.04.2022

Highlight of the month: MITRE ATT&CK Evaluations 2022. Security practitioners are familiar with the MITRE ATT&CK Framework, but they are often not familiar with a related project, MITRE ATT&CK Evaluations. This year, 30 security vendors were tested on their ability to detect ransomware and wiper deployments and then provide analytical insights.

Deep Dive into the Elephant Framework – A New Cyber Threat in Ukraine

by Business Insights, on 25.04.2022

At the beginning of the invasion of Ukraine, we released a security advisory with recommendations based on different risk tiers. Since then, our Threat Intelligence (TI) and Managed Detection and Response (MDR) teams have been actively monitoring the situation and identifying active threats. Not surprisingly, the highest risk group contains businesses and organizations located in Ukraine, especially government entities and critical infrastructure.

SDN Security—What is it and Why Should SMBs Care?

by Business Insights, on 20.04.2022

Small and mid-sized businesses (SMBs) have every reason to be interested in deploying software-defined networking (SDN) technology, because it offers capabilities such as dynamic, efficient network configuration that can enhance network performance and monitoring.