Download the report to learn about the rise of ransomware, how adversaries are refining and improving their tactics, and what you can do to better defend your organization against them.
The 2018 Cloud Security Report reveals that security concerns are on the rise, heightened by a shortage of qualified security personnel and the inability of most legacy security tools to address modern IT environments.
Palo Alto Networks® is focused on securing your business with a prevention-focused architecture you can easily deploy and operate. NSS Labs® – in its Security Value Map™ (SVM) based on the 2018 “Next Generation Firewall Group Test Report” – has recognized this and given our NGFW a Recommended rating.
Palo Alto Networks® is focused on securing your business with a prevention-focused architecture you can easily deploy and operate. In its 2018 “Next Generation Firewall Group Test Report,” NSS Labs® recognized this and gave our NGFW a Recommended rating.
To provide customers with a framework to evaluate the financial impact of investing in the Security Operating Platform, Palo Alto Networks engaged with Forrester Consulting. Forrester conducted a Total Economic Impact (TEI) study with three long-term customers to better understand the benefits, costs, and risks associated with their investment.
Palo Alto Networks Traps earned a “Recommend” rating in the 2018 NSS Labs Advanced Endpoint Protection test. Results indicated outstanding protection and low total cost of ownership. The AEP test evaluated Traps ability to detect, prevent, continuously monitor and take action against malware, exploits, evasions and blended threats. The results of this test validates Palo Alto Network’s prevention first philosophy.
The 2018 Cloud Security Report reveals that security concerns are on the rise, heightened by a shortage of qualified security personnel and the inability of most legacy security tools to address modern IT environments.
With both the threat landscape evolving rapidly and regulatory requirements becoming more demanding, organisations are struggling to prepare for cybersecurity incidents.
Download the report to learn about the rise of ransomware, how adversaries are refining and improving their tactics, and what you can do to better defend your organization against them.
In this research report, we present the results of a recent Tech Pro Research survey, asking CBS Interactive’s readers about their current cloud activities, security operations, and priorities. You'll learn how IT departments are planning their implementation of private and hybrid cloud infrastructure, how they're dealing with concerns about insider threats, their perceptions of shadow IT, and how you can protect your organization in a challenging threat landscape.
Credential theft is the oxygen of malicious activity: nearly always there, necessary, but never noticed. According to the 2016 Verizon® Data Breach Report, 63 percent of confirmed data breaches leveraged credentials, and the use of stolen credentials is the most common approach in web-app attacks. Credential theft is a staple in the playbooks of sophisticated attackers, like the Sofacy threat actor group, and unsophisticated attackers alike.
Credential theft is the oxygen of malicious activity: nearly always there, necessary, but never noticed. According to the 2016 Verizon® Data Breach Report, 63 percent of confirmed data breaches leveraged credentials, and the use of stolen credentials is the most common approach in web-app attacks. Credential theft is a staple in the playbooks of sophisticated attackers, like the Sofacy threat actor group, and unsophisticated attackers alike.
Credential-Based Attacks: Exposing the Ecosystem and Motives Behind Credential Phishing, Theft and Abuse
In this white paper, Unit 42 details the ecosystem behind how adversaries steal and leverage legitimate credentials to break in and move laterally within the organization, often bypassing security controls. Learn the key attack methods currently in use, how this technique fits into attacker playbooks, and real-world guidance on preventing successful attacks.
As recent headlines illustrate, malicious actors are improving their ability to compromise organizations with increasing usage of automated tools to scaletheir attacks. The malware distribution mechanism that malicious actors are coming to rely on in order to generate profits from their activity, like holding files for ransom or stealing information for resale, are exploit kits. Exploit kits are server-based frameworks that automate the exploitation of vulnerabilities on target machines, most commonly while victims are browsing the web. While an increasingly urgent challenge, exploit kits can be thwarted with the right security technology and risk management processes. Unit 42, the Palo Alto Networks® threat intelligence team, recently released an in-depth report on exploit kit history, evolution and effective defenses.
Unit 42 tracks Nigerian Threat Actors and finds they've evolved into capable and formidable adversaries successfully attacking major companies and governments.
Exploit kits, which first became popular in 2006, are used to automate the exploitation of vulnerabilities on victims’ machines, most commonly while users are browsing the web. Over the past decade they have become an extremely popular means for criminal groups to distribute mass malware or remote access tools (RAT), because they lower the barrier to entry for attackers and can enable opportunistic attacks at scale. To understand this phenomenon, we must understand the ecosystem that surrounds exploit kits, including the actors, campaigns and terminology involved.
Exploit kits, which first became popular in 2006, are used to automate the exploitation of vulnerabilities on victims’ machines, most commonly while users are browsing the web. Over the past decade they have become an extremely popular means for criminal groups to distribute mass malware or remote access tools (RAT), because they lower the barrier to entry for attackers and can enable opportunistic attacks at scale. To understand this phenomenon, we must understand the ecosystem that surrounds exploit kits, including the actors, campaigns and terminology involved.
We surveyed decision-makers in the UK, Germany, France, the Netherlands and Belgium to understand how they plan to adjust to the changing world of cybersecurity.
It’s exciting when we’re recognized in the market as the security vendor customers can count on to protect their users and their data. Now, we have a third-party report that publicly corroborates what our customers have been saying: that Palo Alto Networks is effective when it comes to protecting the data center.
The business model behind crimeware has changed. In the past, attackers typically profited from their malicious endeavors by stealing identities, or credit card numbers, and selling them on underground markets for a small fee. In recent years, the price for stolen records has plummeted, falling from $25 per record in 2011 to only $6 in 2016.1 This has necessitated new sources of income for cyber attackers, with many of them turning to ransomware due to recent advances in attack distribution, anonymous payments, and the ability to reliably encrypt and decrypt data. Unit 42, the Palo Alto Networks® threat research team, reviews the past, present and future of ransomware in this report, including strategies for preventing this critical threat.
On March 4, 2016, Unit 42, the Palo Alto Networks® threat intelligence
team, identified the first ever fully functional ransomware targeting
Mac® OS X® users.
On March 4, 2016, Unit 42, the Palo Alto Networks threat intelligence team, identified the first ever fully functional ransomware targeting Mac OS X users. KeRanger has the ability to encrypt and prevent access to sensitive files, and demands a $400 ransom payment to restore access. The emergence of KeRanger represents a continuation of the ransomware threat observed in the broader attack landscape, and is a reminder that all platforms are subject to malicious activity.
The Palo Alto Networks threat research team, Unit 42, has spent the last seven months investigating a series of attacks, determining that they are the result of a long-standing cyber espionage campaign. The campaign, which we refer to as “Scarlet Mimic,” has activity dating back over four years. The result of our analysis has allowed us to connect a series of disparate attacks into a coherent picture of the Scarlet Mimic operation, which has targeted human rights activists, as well as organizations with knowledge about these groups, including government entities.
Palo Alto Networks’ Unit 42 and the Cyber Threat Alliance identify and track CryptoWall “ransomware” campaign responsible for extorting $325 million. Information sharing by the Cyber Threat Alliance better protects customers and the community from threats like CryptoWall, one of the most lucrative criminal campaigns on the Internet. Download the Executive Advisory Report to learn about how to protect your organization from ransomware.
Unit 42 has recently identified malware exploiting an attack technique we have named “BackStab,” in which attackers can capture private information from backup files stored on a Windows PC or Macintosh. Under default conditions, iOS devices plugged into a computer running iTunes may create an unencrypted backup file that contains many types of private information. Forensics experts have known about these backups for years and have used them to capture phone data without requiring direct access to the phone. We have found that malicious attackers are now using malware to steal data using this same technique.
The AUTR provides visibility into the real-world threat and application landscape, helping security teams to understand how adversaries are attempting to attack organizations around the world and build proactive, actionable controls. Built by the Unit 42 threat research team, the report correlates data from more than 7,000 enterprise organizations, providing broad visibility into critical trends.
Operation Lotus Blossom describes a persistent cyber espionage campaign against government and military organizations in Southeast Asia. The report exposes the targets, tools, and attack techniques, and provides full details on the Lotus Blossom campaign, including all indicators of compromise. Unit 42 discovered these attacks using the Palo Alto Networks AutoFocus™ platform, which enables analysts to correlate the results of the hundreds of millions of reports generated by WildFire™.
CoolReaper: The Coolpad Backdoor
New research from Unit 42 confirms security risk in Coolpad devices
Palo Alto Networks researchers have uncovered CoolReaper, a backdoor contained in millions of Android devices sold by manufacturer Coolpad. CoolReaper exposes users to potential malicious activity and appears to have been installed and maintained by Coolpad despite objections from customers.
Due to the unique way Coolpad modifies the Android OS, it is difficult for Android antivirus programs to identify and remove this backdoor.
Unit 42's Threat Landscape Review examines data from WildFire™, a key component of the Palo Alto Networks threat intelligence cloud, to identify how organizations in different industries are targeted and affected by malware.
Read the report about WireLurker and its potential impact, and get recommendations for preventing and mitigating WireLurker and other iOS and OS X malware threats.
