VIRTUAL DESKTOP TOOLS

Trellix Finds Business Services Top Target of Ransomware Attacks

Trellix | July 19, 2022 | Read time : 02:37 min

Trellix Finds news
Trellix, the cybersecurity company delivering the future of extended detection and response (XDR), today released The Threat Report: Summer 2022, analyzing cybersecurity trends and attack methods from the first quarter of 2022.

The report features research from Trellix Threat Labs into connected healthcare and access control systems. It also includes analysis of email security trends and details the evolution of Russian cybercrime related to the conflict in Ukraine where new malware or methods have yet to be observed. Key findings:

Increased Threats to Business Services: Companies providing IT, finance and other types of consulting and contract services were targeted by adversarial actors more often, demonstrating cybercriminals desire to disrupt multiple companies with one attack. Business services accounted for 64% of total U.S. ransomware detections and was the second most targeted sector behind telecom across global ransomware detections, malware detections, and nation-state backed attacks in Q1 2022.
  • Ransomware Evolution: Following the January arrests of members of the REvil ransomware gang, payouts to attackers declined. Trellix also observed ransomware groups building lockers targeting virtualization services with varied success. Leaked chats from the quarter’s second most active ransomware gang, Conti, which publicly expressed allegiance to the Russian administration, seem to confirm the government is directing cybercriminal enterprises.
  • Email Security Trends: Telemetry analysis revealed phishing URLs and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims to download malware. Trellix also identified emails with malicious documents and executables like infostealers and trojans attached.

“With the merging of our digital and physical worlds, cyberattacks cause more chaos in our daily lives, Adversaries know they are being watched closely; the absence of new tactics observed in the wild during the war in Ukraine tells us tools are being held back. Global threat actors have novel cyber artillery ready to deploy in case of escalation and organizations need to remain vigilant.”

-Christiaan Beek, Lead Scientist and Senior Principal Engineer, Trellix.

The Threat Report: Summer 2022 leverages proprietary data from Trellix’s network of over one billion sensors, open-source intelligence and Trellix Threat Labs investigations into prevalent threats like ransomware and nation-state activity. Telemetry related to detection of threats is used for the purposes of this report. A detection is when a file, URL, IP-address, suspicious email, network behavior or other indicator is detected and reported via the Trellix XDR ecosystem.

Additional Resources
  • Trellix Threat Center
  • Trellix Threat Labs Blog
  • The Threat Report: Summer 2022

About Trellix-
Trellix is a global company redefining the future of cybersecurity and soulful work. The company’s open and native extended detection and response (XDR) platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security.

Spotlight

Machine learning, automation, the speed at which we can execute security processes – it’s all resulting in minimal downtime for some customers and the enhanced ability for all to use cyber security as a business enabler.

Spotlight

Machine learning, automation, the speed at which we can execute security processes – it’s all resulting in minimal downtime for some customers and the enhanced ability for all to use cyber security as a business enabler.

Related News

VIRTUAL DESKTOP TOOLS

Lulea University of Technology Transforms Delivery of Education with Citrix

Citrix | August 22, 2022

Just like work, education today can happen anywhere. And students want the freedom and flexibility to choose where and how they learn best. Luleå University of Technology (LTU) understands this, and is using solutions from Citrix Systems, Inc. to tear down the walls of the traditional classroom and deliver a modern experience that empowers its student to learn from anywhere and perform at their best. “Teaching has become space independent, We are a university of technology and we are expected to be at the forefront in using IT to provide a superior educational experience in the classroom, the dorm room and anywhere in between.” Daniel Ström CIO, LTU Borderless Classrooms When the pandemic hit, LTU did just this, leveraging Citrix DaaS to create cloud-based workplaces through which teachers and students could access everything they needed to stay connected and continue learning. LTU’s students use 300 different applications, some of which require significant computing power traditionally provided by powerful workstations available in on-campus computer labs. And for students to continue learning remote - often using low-powered, personal laptops and other devices - LTU needed to provide access to these applications. It was a tall order. But LTU was able to fill it using Citrix DaaS to provide students with secure access to their desktops and applications from anywhere and Microsoft Azure to allocate the processing power and computing resources required to support them. “With Citrix, it was very easy for us to step up and make this available for all the students through their own computers,” said Lennart Isaksson, Head of Student Computer Lab Administration, LTU. And it was able to do it quickly, enabling full remote availability for 19,000 students in a matter of days. “When it comes to remote desktop use cases, nothing comes close to Citrix,” Ström said. Simplified Management One of the biggest advantages of Citrix, according to Isaksson, is the time saved in application management. “With the traditional PC model, it would take several hours to install all the necessary applications on each PC. And we have over 800 student computer lab PCs,” he said. “With Citrix, it’s much better. We have a single, base image with all the applications and we just replicate it to all the virtual machines that we are spinning up.” Enhanced Security Another key benefit of Citrix DaaS is the enhanced security it provides. “It’s a much safer approach than the traditional PC model,” Isaksson said. “All the apps are up to date and always available from any endpoint device.” Modern Education And of importance to Ström, Citrix makes it easy for LTU to keep pace with technology as it evolves and deliver the IT performance and experience that its students expect. “Young people today are raising the bar,” he said. “When you build a new computer lab under the traditional model, you get only 12 to 24 months when it is modern. After that, the students get less and less satisfied. With the Citrix model, we can add new machines in the background as the technology evolves, so the computer labs are always new and fresh.” LTU joins hundreds of educational institutions around the world who are using Citrix to transform learning. Click here to read the stories of their success. About Citrix Citrix builds the secure, unified digital workspace technology that helps organizations unlock human potential and deliver a consistent workspace experience wherever work needs to get done. With Citrix, users get a seamless work experience and IT has a unified platform to secure, manage, and monitor diverse technologies in complex cloud environments.

Read More

VIRTUAL DESKTOP TOOLS

VMware Report Warns of Deepfake Attacks and Cyber Extortion

VMware | August 09, 2022

At Black Hat USA 2022, VMware, Inc. released its eighth annual Global Incident Response Threat Report, which takes a deep dive into the challenges faced by security teams amid pandemic disruptions, burnout, and geopolitically motivated cyberattacks. Sixty-five percent of defenders state that cyberattacks have increased since Russia invaded Ukraine, according to report findings. The report also shines a light on emerging threats such as deepfakes, attacks on APIs, and cybercriminals targeting incident responders themselves. “Cybercriminals are now incorporating deepfakes into their attack methods to evade security controls,” said Rick McElroy, principal cybersecurity strategist at VMware. “Two out of three respondents in our report saw malicious deepfakes used as part of an attack, a 13% increase from last year, with email as the top delivery method. Cybercriminals have evolved beyond using synthetic video and audio simply for influence operations or disinformation campaigns. Their new goal is to use deepfake technology to compromise organizations and gain access to their environment.” Additional key findings from the report include: Cyber pro burnout remains a critical issue. Forty-seven percent of incident responders said they experienced burnout or extreme stress in the past 12 months, down slightly from 51% last year. Of this group, 69% (versus 65% in 2021) of respondents have considered leaving their job as a result. Organizations are working to combat this, however, with more than two-thirds of respondents stating their workplaces have implemented wellness programs to address burnout. Ransomware actors incorporate cyber extortion strategies. The predominance of ransomware attacks, often buttressed by e-crime groups’ collaborations on the dark web, has yet to let up. Fifty-seven percent of respondents have encountered such attacks in the past 12 months, and two-thirds (66%) have encountered affiliate programs and/or partnerships between ransomware groups as prominent cyber cartels continue to extort organizations through double extortion techniques, data auctions, and blackmail. APIs are the new endpoint, representing the next frontier for attackers. As workloads and applications proliferate, 23% of attacks now compromise API security. The top types of API attacks include data exposure (encountered by 42% of respondents in the past year), SQL and API injection attacks (37% and 34%, respectively), and distributed Denial-of-Service attacks (33%). Lateral movement is the new battleground. Lateral movement was seen in 25% of all attacks, with cybercriminals leveraging everything from script hosts (49%) and file storage (46%) to PowerShell (45%), business communications platforms (41%), and .NET (39%) to rummage around inside networks. An analysis of the telemetry within VMware Contexa, a full-fidelity threat intelligence cloud that’s built into VMware security products, discovered that in April and May of 2022 alone, nearly half of intrusions contained a lateral movement event. “In order to defend against the broadening attack surface, security teams need an adequate level of visibility across workloads, devices, users and networks to detect, protect, and respond to cyber threats, When security teams are making decisions based on incomplete and inaccurate data, it inhibits their ability to implement a granular security strategy, while their efforts to detect and stop lateral movement of attacks are stymied due to the limited context of their systems.” Chad Skipper, global security technologist at VMware Despite the turbulent threat landscape and rising threats detailed in the report, incident responders are fighting back with 87% saying that they are able to disrupt a cybercriminal’s activities sometimes (50%) or very often (37%). They’re also using new techniques to do so. Three-quarters of respondents (75%) say they are now deploying virtual patching as an emergency mechanism. In every case, the more visibility defenders have across today’s widening attack surface, the better equipped they’ll be to weather the storm. Methodology VMware conducted an online survey about trends in the incident response landscape in June 2022, and 125 cybersecurity and incident response professionals from around the world participated. Percentages in certain questions exceed 100 percent because respondents were asked to check all that apply. Due to rounding, percentages in all questions may not add up to 100 percent. VMware Explore In addition to VMware’s presence at Black Hat USA 2022, there will be more than 100 security talks at VMware Explore, the global multi-cloud industry event taking place August 29 – September 1, 2022 at Moscone Center in San Francisco. Register today to begin building your agenda. About VMware VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.

Read More

VIRTUAL DESKTOP TOOLS

Deloitte Launches Zero Trust Access, a New Managed Security Service

Deloitte | July 16, 2022

To help organizations adopt zero trust more quickly and efficiently, Deloitte is launching a new managed service – Zero Trust Access— that offers a cloud-native approach to securing communications between users, on any device, and enterprise applications, wherever they may reside. The Zero Trust concept commits to removing implicit trust within an information technology (IT) ecosystem and replacing it with a risk-based approach to accessing organizational resources across identities, workloads, data, networks and devices. This trend is gaining momentum, given legacy approaches to security architecture are no longer suitable to secure the ubiquitous nature of the modern enterprise. Part of the newly expanded Zero Trust by Deloitte, Zero Trust Access facilitates zero trust adoption and the evolving needs of organizations in protecting their applications, infrastructure, and data. Following the integration of recently acquired talent and technology into existing Deloitte services, the Zero Trust Access managed service connects users to applications through a frictionless cloud-native solution that is inherently scalable, resilient, agile, and secure. Further, the managed service is available standalone, integrated with other Deloitte offerings, or as part of a broader solution leveraging technologies from Deloitte's alliances ecosystem. "As perimeter-based approaches are no longer suitable to secure the modern enterprise, many organizations are working to enhance protection for their IT ecosystems via zero trust, Zero Trust Access was built as a turnkey managed service helping ourselves and our clients accelerate adoption of this transformative security framework. Our goal was to create a cost-effective solution that can be delivered standalone or complementary to a broader ecosystem and ultimately help decrease the burden on IT and security teams who likely need to manage multiple heterogenous solutions to achieve similar outcomes." Andrew Rafla, Deloitte Risk & Financial Advisory's zero trust offering leader and principal, Deloitte & Touche LLP With innovative data protection leveraging device-level secure microcontainer technology, Zero Trust Access helps protect infrastructure while also enabling organizations to protect sensitive enterprise data and enforce least privilege through dynamic access control to enterprise assets. The managed service can replace remote access solutions inclusive of virtual private network (VPN), virtual desktop infrastructure (VDI), and desktop as a service (DaaS), all of which typically require significant capital expenditure for infrastructure, high operating costs, and technology management overhead. Zero Trust Access includes features such as ephemeral connectivity built upon secure peer-to-peer (P2P) communication, conditional access and continuous authorization, as well as robust data protection for data at-rest, in-use, and in-transit are consistently applied to each session, regardless of the type or location of the applications being accessed (e.g., legacy hosted applications, software as a service (SaaS), thick-client, web-based applications). Implementation of Zero Trust Access can help organizations leverage outcome-based solutions that improve business agility, enhance user productivity, and reduce cost and complexity of security operations. "Beginning zero trust adoption isn't simple, fast or easy for most organizations," Deborah Golden, Deloitte Risk & Financial Advisory Cyber and Strategic Risk leader and principal, Deloitte & Touche LLP. "We're launching Zero Trust Access as the first in many adoption-enabling services and solutions to come, so that our clients are better able to modernize their security programs, enable agile operations and confidently advance with emerging technologies and transformative risk management principles that can build more resilient security practices." About Deloitte Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world's most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today's marketplace — delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Building on more than 175 years of service, our network of member firms spans more than 150 countries and territories.

Read More