Threat intelligence sharing among vendor and industry peers has come a long way, and in 2017 there will be more opportunities than ever to demonstrate its value, especially as conversations around sharing intelligence between the public and private sectors continue.
Over the past year, healthcare organizations of all sizes have been impacted by cyberattacks. Most of them involve malware of one sort or another. As a former security operations lead at a hospital network in the San Francisco Bay Area, I learned what my research at Palo Alto Networks has confirmed: by far, the most common way for malware to make its way into healthcare networks is by spoofed emails.
2016 was a challenging year for organisations particularly as cyber adversaries achieved high-profile success, mainly with ransomware. Organisations in Asia-Pacific are no exception. The year also taught a valuable lesson that no industry vertical is safe; if there is a hole in your security, a determined adversary will find it.
Russian advanced persistent threat group Sofacy has upped the ante in its campaign to compromise organizations with its “DealersChoice” Flash Player exploit tool, even after Adobe patched a zero-day Flash vulnerability that the tool was observed exploiting.
The downtime created by the holiday season is a fan favorite for enterprise employees and hackers alike. As workers are enjoying time away from the office for vacations or working remotely, hackers are viewing this slow down as an optimal time to attack corporate systems. To avoid having your organization turn into this holiday’s victim, security professionals provide tips for IT managers to protect corporate data, as well as share recommendations for using the slower cycles to test security systems.
What Lies Ahead for Cybersecurity in 2017?
Researchers at Palo Alto Networks' Unit 42 threat intelligence team spotted a new Google Android trojan named “PluginPhantom” which is capable of leveraging Android's DroidPlugin technology to steal user information.
While ransomware threats are mostly an unknown entity to everyday consumers and Internet users, the widespread havoc these types of attacks have waged on healthcare organizations during 2016 started hitting a little too close to home. Ryan Olson weighs in on the maturation and business model of ransomware.
In discussions about cybersecurity, one of the most used words is “prevention”, and one of the most frequent questions is: how do you prevent cyberattacks before they are executed and succeed? This is an important question that security teams have to deal with daily.
I have the great opportunity to spend time with CSOs and IT executives to understand their cybersecurity concerns and help them map out a strategy for success. An increasingly common question I’ve been hearing is, “Does my organization need a threat intelligence team?” Adding threat intelligence capabilities to your organization can be valuable, with their ability to hunt for advanced attacks; profile never-before-seen malware, campaigns or adversaries; and really think like an attacker.
2016 was the year of ransomware in cybersecurity, and it was especially impactful in healthcare. For this post, I’ve laid out a few predictions about the type of threats that the healthcare industry will face in 2017. Also, I’ve organized my predictions into “Sure Things” (predictions that are almost guaranteed to happen) and “Long Shots” (predictions that are less likely to happen) in cybersecurity in 2017.
Imagine in a 2016 remake of the classic film Gaslight, a young security professional is driven to the brink of insanity – and impending disaster – by a cyber schemer who unbeknownst to IT security has over time moved around and corrupted bits of data, manipulating, let's say, the design of a jumbo jetliner or perhaps the composition of a vaccine, to execute an unspeakable attack.
One thing is clear about security: it is changing perhaps faster than any other industry. For partners, that means there's a need for a new business model when it comes to security, Palo Alto Networks Senior Vice President of Worldwide Channels Ron Myers said.
The image that the expression “Nigerian scammer” conjures up in most people’s heads is still that of the confidence man behind the keyboard, convincing victims that they have the opportunity to get a hefty sum of money if they only send some first, or pretending to be a man or woman in love with the victim and needing money to get out of some difficulty or another.
With Election Day upon us, we are getting closer to ushering in a new administration in the White House. Significant progress on cybersecurity policy has been made in the past decade in both Republican- and Democrat-led administrations, and we look forward to the incoming administration making further strides in the next four years. Federal CSO John Davis provides recommendations for the next administration in Federal Computer Week.
The 2016 U.S. presidential election is a global phenomenon, but candidates aren’t the only ones vying to connect with the people. Behind the scenes, stealthy cybercriminals are immersing themselves in the political banter, gathering information and intel to drive their own agendas. What exactly motivates a cyber attacker to take advantage of elections?
According to a research report and accompanying blog post by Palo Alto Networks' Unit 42 threat research team, the Nigerian cybercriminals traditionally known for their 419 advance-fee scams have evolved from silly spray-and-pray email spam campaigns to more refined con games that target large business organizations with malware and fetch princely sums totaling millions of dollars.
Buying triggers for security customers can range from seeing a hack in headlines to word-of-mouth recommendations, but Palo Alto Networks CEO Mark McLaughlin said in the security platform business, it’s often detection alerts from a company’s own systems. “The biggest [buying trigger] is the overwhelming number of just detection alerts that are happening,” said McLaughlin. “This would be true in a very large enterprise, but it would probably be even more painful in smaller businesses.”
As a cautionary tale for the season, here are seven of the scariest ransomware variants. This list is based on a consensus drawn from interviews with Trend Micro's Cabrera; Chris Day, CISO of Invincea; and Bryan Lee, threat intel analyst for Unit 42 at Palo Alto Networks.
The age of the point solution is over, and a new era of platform security players has emerged to change the way companies protect themselves from cyber threats, Palo Alto Networks CEO Mark McLaughlin said. However, not every security company that claims to have a platform will succeed, McLaughlin said Tuesday morning in an on-stage interview with The Channel Company CEO Robert Faletra at the 2016 Best of Breed Conference in Atlanta.
Those who’ve seen the 1967 film Cool Hand Luke will undoubtedly remember this famous line from the prison warden (played by Strother Martin) directed at the stubborn criminal named Luke (played by Paul Newman): “What we’ve got here is a failure to communicate.”
Daniel Bortolazo, Palo Alto Networks System Engineer Manager in Brazil, was featured on TV Brasil for a story about cyberattacks and ways to improve digital security during Security Leaders. The feature also covers a game from RSA that simulates an attack on local data from Level 3 and cites Palo Alto Networks as a source reinforcing the importance of prevention.
Palo Alto Networks CEO Mark McLaughlin said there is a real possibility that technology adoption could decline due to increased mistrust in the security of new technologies.
“There was a study done not too long ago by a U.S. government agency that looked at usage of some digital technology, and interestingly, it said it’s declining. Why? Because people don’t trust it,” McLaughlin said at the IT Best of Breed conference in Atlanta.
The prevailing approach to cybersecurity, which is focused on detection and remediation, has proven inadequate to dealing sufficiently with the rise in volume and sophistication of attacks organizations must now defend against. To keep pace with attackers, security teams routinely deploy 10-15 point products in their environments from different vendors in an attempt to institute security controls at each step in the lifecycle that an attacker must complete in order to successfully exfiltrate data.
Using weaponized Word documents as attachments to phishing emails is not a new attack method, but Palo Alto Networks researchers have discovered an interesting variation: an RTF document with an embedded OLE Word document containing embedded Flash exploits. The purpose is to disguise the attack in layers of obfuscation. Unit 42, the research team of Palo Alto Networks, recently discovered two variations of this attack, which it has named DealersChoice.A and DealersChoice.B.
Russian advanced persistent threat group Sofacy has another ace up its sleeve: a Flash Player exploit tool, dubbed DealersChoice, that in some ways resembles a Russian nesting doll. Discovered by Palo Alto Networks' Unit 42 threat research team, the tool generates RTF documents that contain embedded OLE Word documents that in turn contain embedded, malicious Adobe Flash (.SWF) files, whose contents are designed to abuse flaws in Flash software.
Experts said expired domains are often purchased with the intent of advertising, but researchers noted these domains and abandoned SDKs present an opportunity for threat actors to target mobile users. Zhi Xu and Tongbo Luo, researchers for Palo Alto Networks, described the risks during a talk at the Virus Bulletin International Conference in Denver. According to Xu and Luo, many third-party app software development kits (SDKs) have been abandoned, but the apps are still available to users. These apps will attempt to contact command and control (C&C) servers at expired domains, which could be repurposed for malicious activity.
A backdoor malware campaign dubbed OilRig that in May was discovered targeting organizations in Saudi Arabia is now trying to drill into government entities in Turkey, Israel and the U.S., as well as Qatari companies and organizations. Palo Alto Networks' Unit 42 threat research team described the campaign's latest spear phishing efforts in a blog post, warning that the campaign has updated its “Helminth” backdoor software as well as the malicious Excel documents that distribute the malware via macros.