
Security Solutions Issue 115 Out Now!

In Security Solutions Issue 115, we look at the role of the private security industry in Australia’s national counter-terrorism plans. We also discuss strategies to help identify insider threats, examine whether or not prisons are fertile recruiting grounds for terrorist groups and explore ways to demonstrate the value of an effective cyber security strategy to the company board.

Check out the latest issue today and subscribe!

BeyondTrust Recognised as a 2024 Gartner® Peer Insights™ Customers’ Choice for Remote Desktop Software for Second Consecutive Year

Sam Elliott, SVP Products at BeyondTrust 

  • The Gartner® Peer Insights™ “Customers’ Choice” distinction is based on feedback and ratings from end-user professionals who have experience purchasing, implementing and using BeyondTrust products
  • As of June 30, 2024, BeyondTrust has earned an end-user review overall rating of 4.6 out of 5 in the Remote Desktop Software market, with 97% of reviewers noting a “Willingness to Recommend,” based on 70 reviews over the past 18 months

BeyondTrust, the global cybersecurity leader protecting Paths to Privilege™, today announced that Gartner® Peer Insights™ placed BeyondTrust Remote Support in the Customers’ Choice Quadrant and designated it a Customers’ Choice, with 97% of reviewers indicating a “Willingness to Recommend”. Per our understanding, vendors placed in the upper-right quadrant of the “Voice of the Customer” report meet or exceed both the market average Overall Rating and the market average User Interest and Adoption. This is the second consecutive time BeyondTrust has been distinguished as a Customers’ Choice in the Remote Desktop report.

Gartner Peer Insights is a free peer review and ratings platform designed for enterprise software and services decision makers. Reviews are organized by products in live markets that align to Gartner research markets.

Gartner defines Remote Desktop software as tools that allow secure access and control of remote devices across multiple platforms. The software provides the same level of access as being physically present to manage and control the resources of the remote device. The software offers secure transfer of files in a live or unattended support session. It is generally used by IT professionals performing maintenance and support personnel assisting end users.

BeyondTrust Remote Support is the only solution to elevate the service desk by empowering organisations with scalable support and proactive IT across enterprises of all sizes, with the assurance of secure access to any device, any system, every time. With industry-leading security for every access session, built on best-in-class session monitoring and compliance reporting, BeyondTrust Remote Support is trusted by organisations of all sizes across all industries to securely access, monitor, and repair devices and endpoints.

Over the past 18 months, 70 verified end users in a variety of IT roles reviewed BeyondTrust Remote Support, giving it an overall rating of 4.6 out of 5 stars (as of June 30, 2024). Feedback from the verified reviews included:

“BeyondTrust Remote Support has been one of the most amazing tools we have ever used. This tool has made the major problem of remote troubleshooting a very simple task due to its simple and friendly user interface and its reliability and connectivity. Simply put, this has been one of the hero tools of our back-end operations.”

–  IT Analyst (Industry: IT Services)

“We’ve used the BeyondTrust Remote Support software for over seven years now and been pleased with the consistency in which it delivers on what it promises. We’ve never needed to submit a support ticket for anything beyond a configuration question. It has been rock solid from the day we deployed it.”

“BeyondTrust Remote Support provides secure access to devices in our environment very efficiently. Scalability is a plus, and ease of use and deployment are key benefits. FedRAMP compliance is a must.”

“Reliable, fast, and very easy for your end users to connect and use to enable remote support. One of the best remote support tools I’ve used simplifies the initial process of enabling the end user to initiate the remote session and enable you to support them. The queue management for end users is great for them to choose an available agent, while the technician gets notification that someone is waiting to start the remote support session.”

–  IT Service Desk Manager (Industry: Retail)

“Receiving the 2024 Customers’ Choice distinction for Remote Desktop Software underscores our commitment to providing top-tier solutions that prioritise exceptional customer experiences,” said Sam Elliott, SVP Products at BeyondTrust. “We are dedicated to continuously innovating and enhancing our offerings to help our customers meet their security goals. We are truly grateful for the valuable feedback shared by our customers through Gartner Peer Insights.”

More information on BeyondTrust’s ranking in the Gartner Peer Insights for Remote Desktop Software can be seen here.

Gartner, Gartner Peer Insights ‘Voice of the Customer’: Remote Desktop Software, Peer Contributors, August 20, 2024.

Gartner® and Peer Insights™ are trademarks of Gartner, Inc. and/or its affiliates. All rights reserved. Gartner® Peer Insights™ content consists of the opinions of individual end users based on their own experiences, and should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.


Check Point Software Unveils New MSSP Portal for Partners: Vastly Simplifying Service Delivery and Ease of Doing Business

The New Portal streamlines management, offering scalable security services at the click of a button

Francisco Criado, Check Point’s VP of Global Partner Ecosystem Organisation

Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading cyber security platform provider of AI-powered, cloud-delivered solutions, has unveiled its innovative Portal designed for both managed security service providers (MSSPs) and distributors. This platform significantly simplifies service delivery and enhances the ease of doing business with Check Point.

According to Canalys, the global MSSP market is projected to grow by 14.2% annually, driven by increasing cyber threats and the need for specialised security services. However, MSSPs and channel partners today face a range of challenges—from efficiently scaling their services, managing multiple customers across disparate security solutions, ensuring compliance with evolving industry regulations, to balancing operational costs with profitability. The Check Point MSSP Portal offers a powerful solution to overcome these hurdles, enhancing security and streamlining operations.

Matt Payze, CEO of Adelaide-based Southern Cyber, said: “The new MSSP portal is a game-changer in optimising our service delivery. What used to take weeks can now be accomplished in minutes, from customer onboarding to tenant creation, all within a single management pane with a full view of services, status, contract and converting POCs to trial. This efficiency lowers our delivery costs, simplifies our operations, streamlines our financial planning, and makes our services more profitable while boosting customer satisfaction. The portal’s ability to streamline processes allows us to focus on providing top-tier security solutions with greater speed, agility and precision, consistently exceeding client expectations.”

Francisco Criado, Check Point’s VP of Global Partner Ecosystem Organisation, added: “Our new Portal is here to make life easier for our valued partners, enhancing efficiency and driving business growth. We are deeply committed to our partner ecosystem, and this Portal stands as a testament to our dedication, serving as a powerful ally in the fight against cybersecurity threats.”

At the core of these advancements is a meticulously designed, user-centric Portal that enables effortless onboarding of partners—a process that previously took as long as a week and now takes only two minutes. This efficiency not only saves time but also reduces operational costs for MSSPs. The Portal seamlessly integrates MSSPs into the Check Point Infinity Platform, marking a significant achievement in Check Point’s MSSP program and transforming business operations.

The Check Point MSSP Portal is not just about enhancing operational efficiency; it’s about transforming the way MSSPs engage with technology, manage services, and ultimately, how they meet the evolving security needs of their clients. It features a range of enhancements including:

  • Effortless Onboarding: New capabilities empower distributors to onboard MSSPs with the click of a button
  • Diverse Security Portfolio: Effortlessly deploy an array of services in minutes, such as endpoint, email, mobile, SASE, and cloud
  • Profitability with Minimal Risk: Flexible billing, predictable revenue, no long-term commitments, or upfront investment

Explore the MSSP program in detail by visiting us online: checkpoint.com/partners/mssp-program/

H1 2024 DDoS Threat Review – Radware

This article originally appeared on Radware’s security blog. In the post, Director of Threat Intelligence at Radware, Pascal Geenens, discusses how web DDoS attacks are not only multiplying but also becoming much more sophisticated.

Web DDoS Attack Activity

The frequency and intensity of the new generation of HTTPS floods have increased dramatically, and the sophistication introduced by attackers is growing quickly. In the first half of 2024, web distributed denial of service (DDoS) attacks saw a significant increase in frequency and intensity. A good portion of this activity can be attributed to hacktivists motivated by political tensions. Today’s hacktivists are known to reach for more sophisticated L7 attacks targeting online applications, and new vectors such as HTTP/2 Rapid Reset and Continuation floods are taking these attacks to new heights in intensity and duration.

Web DDoS Attacks per Quarter.

The number of Web DDoS attacks blocked by Radware’s Cloud Protection Services rose sharply quarter over quarter in 2024. In Q1 2024, the number of mitigated Web DDoS attacks increased by 137% compared to Q4 2023. In Q2 2024, it increased by a further 85% compared to Q1 2024.

The majority of Web DDoS attacks targeted organisations in the EMEA region, influenced by geopolitical conflicts and significant events like the EU parliament elections, Euro 2024 in Germany and the 2024 Olympic Games in Paris.

Attack traffic patterns targeting organizations in our cloud demonstrated a shift to larger, more intense and more impactful Web DDoS attacks in 2024.

Web DDoS Attacks size distribution.

Application-layer DNS DDoS Attack Activity

DNS Queries per Year.

The number of malicious DNS flood queries observed in the first six months of 2024 already exceeded the total observed during all of 2023 by 76%.

Application-layer DNS DDoS attack activity tripled between 2022 and 2023 and quadrupled between H1 2023 and H1 2024. Finance was the most targeted industry, representing 52% of total DNS query flood attack activity. Technology, telecom, healthcare, and research and education were other notable targets. Most large application-layer DNS flood attacks in the first half of 2024 used A-record (DNS A) queries.
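As an added example (not Radware’s code or tooling), the Python below applies one sliding-window rate check to two of the patterns named in this review: HTTP/2 Rapid Reset, where a client opens streams and immediately sends RST_STREAM for each, so resets per connection spike; and the A-record query floods described in the DNS paragraph above, where queries per source spike. The event-log format, the field names (conn, frame, src, qtype), the thresholds and the sample traffic are all constructed assumptions chosen for the illustration.

```python
"""Sliding-window flood detection over constructed event logs.

Added illustration, not Radware's code. One generic per-key rate check
covers two of the patterns the report names: HTTP/2 Rapid Reset
(RST_STREAM frames per connection spike) and application-layer DNS
floods built from A-record queries (queries per source spike). The log
format, field names and thresholds are assumptions for the example.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    key: str     # connection id (HTTP/2) or source IP (DNS)
    count: int   # events inside the window when the threshold was crossed
    at_ms: int   # timestamp of the event that crossed it


class SlidingWindowFloodDetector:
    """Count events per key inside a trailing time window; alert once per
    key when the count exceeds the threshold."""

    def __init__(self, window_ms: int, threshold: int):
        self.window_ms = window_ms
        self.threshold = threshold
        self._events = defaultdict(deque)   # key -> timestamps, oldest first
        self._alerted = set()

    def observe(self, key: str, ts_ms: int):
        q = self._events[key]
        q.append(ts_ms)
        while q and ts_ms - q[0] > self.window_ms:   # expire old timestamps
            q.popleft()
        if len(q) > self.threshold and key not in self._alerted:
            self._alerted.add(key)
            return Alert(key, len(q), ts_ms)
        return None


def parse_kv(line: str) -> dict:
    """Parse the constructed 'ts=<ms> key=value ...' line format."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    fields["ts"] = int(fields["ts"])
    return fields


def detect_rapid_reset(lines, window_ms=1000, threshold=100):
    """Flag connections that send more than `threshold` RST_STREAM frames
    within `window_ms`; legitimate clients cancel requests only rarely."""
    det = SlidingWindowFloodDetector(window_ms, threshold)
    alerts = []
    for ev in map(parse_kv, lines):
        if ev.get("frame") == "RST_STREAM":
            alert = det.observe(ev["conn"], ev["ts"])
            if alert:
                alerts.append(alert)
    return alerts


def detect_dns_a_flood(lines, window_ms=1000, threshold=500):
    """Flag sources sending more than `threshold` A-record queries within
    `window_ms` (the query type the report says most large floods used)."""
    det = SlidingWindowFloodDetector(window_ms, threshold)
    alerts = []
    for ev in map(parse_kv, lines):
        if ev.get("qtype") == "A":
            alert = det.observe(ev["src"], ev["ts"])
            if alert:
                alerts.append(alert)
    return alerts


def _constructed_h2_events():
    """Constructed sample: c1 opens and immediately cancels 300 streams in
    600 ms (the Rapid Reset shape); c2 is a normal client that cancels once."""
    lines = []
    for i in range(300):
        ts, sid = 1000 + 2 * i, 2 * i + 1       # client streams are odd-numbered
        lines.append(f"ts={ts} conn=c1 frame=HEADERS stream={sid}")
        lines.append(f"ts={ts + 1} conn=c1 frame=RST_STREAM stream={sid}")
    for i in range(5):
        lines.append(f"ts={1000 + 150 * i} conn=c2 frame=HEADERS stream={2 * i + 1}")
    lines.append("ts=1700 conn=c2 frame=RST_STREAM stream=9")
    return lines


def _constructed_dns_events():
    """Constructed sample: 203.0.113.7 sends 1,200 A queries for random
    labels inside one second; 198.51.100.5 does a few ordinary lookups."""
    lines = [f"ts={5000 + (1000 * i) // 1200} src=203.0.113.7 qtype=A qname=x{i}.example.com"
             for i in range(1200)]
    for i, name in enumerate(["www.example.com", "mail.example.com", "example.com"]):
        lines.append(f"ts={5000 + 300 * i} src=198.51.100.5 qtype=A qname={name}")
    lines.append("ts=5900 src=198.51.100.5 qtype=MX qname=example.com")
    return lines


H2_EVENTS = _constructed_h2_events()
DNS_EVENTS = _constructed_dns_events()

if __name__ == "__main__":
    for alert in detect_rapid_reset(H2_EVENTS) + detect_dns_a_flood(DNS_EVENTS):
        print(alert)
```

The detector only identifies the offending key; what to do with it is protocol-specific. An HTTP/2 server can close a connection whose reset rate trips the limit, while a DNS front end can rate-limit or drop the offending source, and the window and threshold need tuning per deployment so that bursty but legitimate clients are not caught.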

Network-Layer DDoS Attack Activity

Network-layer DDoS attacks, which actually span L3 and L4, also exhibited a rising trend in H1 2024.

Number of Attacks (normalized).

The average network-layer DDoS volume blocked per organisation in H1 2024 grew by 81% compared to H2 2023 and by 205% compared to H1 2023. The network-layer volume blocked per organisation in H1 2024 was 14% higher compared to the network-layer volume all of 2023.

DDoS Volume (normalized).

In H1 2024, Radware’s Cloud DDoS Protection Services mitigated an average network-layer attack volume of 1.23TB per month per organisation. This represents an increase of 127% in the average network-layer DDoS volume blocked per organisation per month between 2023 and 2024. In contrast, the increase in average network-layer volume blocked per organisation per month between 2022 and 2023 was 17%.

Most Attacked Industries in 2024 H1.

Finance organisations experienced the highest network-layer attack activity, followed by healthcare, technology, government, transportation and logistics, and gaming.

DNS and NTP were responsible for 87% of the total network-layer amplification attack volume. DNS, HTTPS and SIP were the most targeted applications by network-layer DDoS attacks.

Hacktivist DDoS Attack Activity

The hacktivist landscape remained dynamic with constant DDoS activity. Hacktivist-driven DDoS attacks hovered between 1,000 and 1,200 claimed attacks per month in 2024, with Ukraine being the most targeted country.

Claimed DDoS Attacks per Month.

Pro-Russia hacktivist group NoName057(16) remained the most active threat actor. With a total of 5,287 DDoS attack claims since January 2023—of which 1,902 claims took place in the first half of 2024—NoName057(16) leaves the other actors behind by a significant margin. The Cyber Army of Russia Reborn, Anonymous Sudan, Mysterious Team, Executor DDoS and Team Insane PK have been the most active threat actors since January 2023. 62IX, Sylhet Gang, HackNet and RipperSec were among the most notable hacktivist groups in the first half of 2024 alone.

Number of Attacks Claimed per Actor.

During the first half of 2024, the pro-Russia hacktivist actor group NoName057(16) was observed joining and creating multiple alliances— some temporary, others more permanent. One of their collaborations, with the Cyber Army of Russia Reborn, resulted in a significant amount of attack activity targeting Ukraine, doubling the activity in Ukraine compared to what was observed in 2023. Although Ukraine was only the fourth most targeted country in 2023, it became the most targeted country during the first half of 2024.

Number of Attacks Claimed per Country.

In South Asia, India observed many claimed attacks from Indonesian and Bangladeshi hacktivists with Anonymous Susukan, Ketapang Grey Hat Team and Sylhet Gang claiming the most attacks. Pakistan was also one of the most frequently attacked countries, mostly by Indian hacktivists Team NWH, Dark Cyber Warrior, Kingsman, Hacktivist Vanguard and Team Network Nine.

The United States became an important target for DDoS-as-a-service providers that like to leverage big, highly visible organisations as a target for their proof-of-capability advertisements. The Telegram groups Channel DDoS v2, ZeusAPI Services and Krypton Networks claimed the most attacks targeting the United States.

The top attacker collectives targeting Israel included RipperSec, 1915 Team, Sylhet Gang, Anonymous Muslims, LulzSec Indonesia, Team ARXU, StarsX Team and Dark Storm Team.

Targeted Web Categories.

Government websites were the most targeted web category since January 2023.

Reasons for Concern

The first half of 2024 both continued and accelerated the trends we observed in 2023. As geopolitical tensions grew around the globe, AI was further democratised as threat actors adopted increasingly powerful, publicly available LLMs. With indications of a decelerating financial market and an upcoming pivotal election in the history of the United States, we anticipate continued high levels of global activity and a perpetually evolving threat landscape.

Read about the record six-day, 14.7 million RPS Web DDoS attack campaign by a pro-Palestinian hacktivist group and new advancements in DDoS-as-a-service tools. Plus, get new details on notable attack patterns and tactics from attackers as captured from our Cloud Protection Services during the first half of 2024.

Pascal Geenens

As the Director, Threat Intelligence for Radware, Pascal helps execute the company’s thought leadership on today’s security threat landscape.

Check Point Software Appoints Ruma Balasubramanian as New Asia Pacific & Japan President, Bringing Proven Tech Leadership and Business Transformation Experience

Ruma Balasubramanian, President for the Asia Pacific & Japan (APAC) region

Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading cyber security platform provider of AI-powered, cloud-delivered solutions, announces the appointment of Ruma Balasubramanian as President for the Asia Pacific & Japan (APAC) region. Ruma succeeds Sharat Sinha who left earlier this year to take on another role in the industry. She will lead Check Point’s overall business across APAC, collaborating closely with sales, marketing, product engineering, and customer success teams. With her extensive experience in cloud and digital transformation, Ruma is set to drive Check Point’s growth through strategic partnerships and innovative, AI-powered security solutions.

Ruma’s recent leadership roles at Google Cloud, where she managed high-growth segments across APAC, and her previous tenure as Vice President and Chief Transformation Officer for Cisco’s Asia Pacific, Japan, and Greater China business, have equipped her with deep expertise in scaling technology solutions and driving market expansion. Her global background includes key roles at Hewlett Packard Enterprise Services, AT Kearney, and IBM, making her well-positioned to advance Check Point’s mission of delivering cutting-edge cyber security solutions tailored to APAC’s diverse needs.

Ruma is passionate about building inclusive teams and empowering women in technology fields. She serves as an Independent Director for RightShip, an ESG-focused digital maritime platform, where she chairs the Digital Transformation and Cyber Security Committee.

“I’m thrilled to join Check Point at this critical time,” said Ruma Balasubramanian. “As cyber threats become more sophisticated, it’s crucial for organisations to partner with a cyber security leader that enables them to securely scale through AI, data, and cloud. Check Point’s prevention-first approach and 3Cs framework—comprehensive, collaborative, and consolidated security—demonstrate our commitment to innovation and trust.”

Sherif Seddik, President of International Sales, noted, “We are excited to welcome Ruma to our management team. Her experience in customer transformation and partner development makes her the ideal leader for our growing business in APAC as cyber security demand continues to expand. We are appreciative of Sharat’s contributions to our APAC business and wish him the best. We look forward to Ruma taking us to our next level of growth.”

Gigamon Unveils New Hybrid Cloud Security Partnership with ExtraHop and WWT

New ‘Power of 3’ Solution Enhances Threat Detection and Cybersecurity for Hybrid Cloud

Gigamon, a leading deep observability company, has launched its latest Power of 3 initiative in collaboration with network security firm ExtraHop® and technology solutions provider World Wide Technology (WWT). The new offering enhances real-time threat detection for hybrid cloud environments by integrating Gigamon’s Deep Observability Pipeline with ExtraHop’s RevealX™ network detection and response (NDR) platform, delivered and supported by WWT.

The Power of 3 initiative is designed to fortify cybersecurity defenses by bringing together partners with expertise in cloud, security, and observability. With this new integration, organisations gain powerful capabilities for detecting and responding to cyber threats more efficiently. The initiative launched in June and is tailored to help customers manage hybrid cloud infrastructure with speed, precision, and effectiveness.

Dee Dee Acquista, Vice President of Worldwide Channel Sales at Gigamon, emphasises the importance of the collaboration: “Today’s threat environment continues to escalate, making real-time threat detection and remediation mission-critical. By integrating ExtraHop’s RevealX with Gigamon’s Deep Observability Pipeline and WWT’s global service network, organisations can lower their business risk and improve cybersecurity posture.”

Gigamon’s 2024 Hybrid Cloud Security Survey revealed critical gaps in threat detection, with one in three organisations unable to detect a breach in the last year. Only 25% of those surveyed could respond in real time, highlighting vulnerabilities that the Power of 3 aims to address.

This comprehensive solution will enable customers to:

  • Eliminate blind spots by offering complete visibility into East-West and North-South traffic across data centres, public clouds, and containers.
  • Achieve real-time threat detection with precision and speed through advanced network intelligence and response capabilities.
  • Maximise cost efficiency by reducing cloud traffic access costs through intelligent data routing.

ExtraHop’s John McCabe, Area Vice President of Channel Sales, adds: “By combining 360-degree visibility from RevealX with Gigamon’s data insights and WWT’s industry expertise, we’re helping our joint customers secure their operations with better visibility and faster threat detection.”

Genetec announces Australian data centre for Security Center SaaS hosted by Microsoft Azure

Leon Langlais, Chief Product Officer for APAC at Genetec

Genetec Inc. (“Genetec”), a leading technology provider of unified security, public safety, operations, and business intelligence solutions, today announced that Genetec™ Security Center SaaS will be hosted in Australia on the Microsoft Azure cloud platform. Demand for sovereign data hosting capability, robust cybersecurity, and flexible cloud options affirmed the strategy of Genetec to offer its security solution hosted in an Australian data centre.

Built with cybersecurity and privacy at its core, Genetec Security Center SaaS is a scalable and open software as a service (SaaS) offering that unifies access control, video management, intrusion monitoring, automation, and many other advanced security capabilities.

By hosting Security Center SaaS on Azure, public and private sector organisations throughout the region will be able to obtain the flexible physical security cloud technology offering they require. They will also benefit from fast, low-latency access to the solution while ensuring data sovereignty protocols are met. Australia joins the United States, Canada, and the Netherlands as one of the four countries where Genetec has launched a data centre for Security Center SaaS.

“Australia is a forward-thinking nation that recognises the benefits of adopting cloud solutions,” explained Leon Langlais, Chief Product Officer for APAC at Genetec Inc. “Establishing a data center in this location provides our clients with the confidence that their physical security systems are managed locally. Additionally, by offering Security Center SaaS on Microsoft Azure, we reaffirm our dedication to providing reliable and advanced technology as our customers make their move to the cloud.”

Natasha Clohessy, Director of Partner Development, Microsoft Australia said, “Microsoft is pleased to collaborate with Genetec to host Security Center SaaS on Microsoft Azure. With Microsoft’s strong stance on cybersecurity as well as the IRAP Assessment and cloud flexibility, Genetec can deliver enterprise-grade physical security as a service in Australia.”

“This announcement marks the next step in the long-standing relationship Genetec has with Microsoft. By leveraging the latest in enterprise-ready generative AI and cloud technology, we aim to solve customers’ most fundamental security challenges, enhancing the scalability, efficiency, and intelligence of security operations across various industries,” Langlais added.

Genetec has consistently achieved the highest level of partnership with Microsoft as a Gold Partner for more than ten years, and the two companies have enjoyed a long and successful collaboration for over 20 years. This collaboration has involved various initiatives, including cloud-based go-to-market initiatives[1] and enhancing the skills and capabilities of its workforce.[2]

About Security Center SaaS

Security Center SaaS enables organisations to run workloads wherever it makes the most sense whether at the edge or on managed appliances. The platform’s open architecture gives organisations the freedom to choose the devices, cameras, door controllers, and readers that work best for their business. Legacy devices that are not cloud-ready can easily be connected to Security Center SaaS using a Genetec Cloudlink™ appliance.

For more information about Security Center SaaS please visit: https://www.genetec.com/products/unified-security/security-center-saas

New Fastly Threat Research Reveals 91% of Cyberattacks Targeted Multiple Organisations Using Mass Scanning to Uncover and Exploit Vulnerabilities

Additional findings show unwanted bots, short-lived IP addresses and out-of-band domains used by adversaries to commit cybercrime and avoid detection

Fastly, Inc. (NYSE: FSLY), a leader in global edge cloud platforms, today released the “Fastly Threat Insights Report,” which found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base. This new report provides the latest attack trends and techniques across the web application and API security landscape.

The Fastly Threat Insights Report builds on the 2023 “Fastly Network Effect Threat Report,” and is based on data collected April 11 to June 30, 2024 from Fastly’s Network Learning Exchange (NLX), the collective threat intelligence feed for Fastly’s Next-Gen WAF, and Out-of-Band (OOB) Domains as well as traffic signaled by Fastly Bot Management from April 1 to June 30, 2024. Fastly’s Next-Gen WAF protects over 90,000 apps and APIs[1] and inspects ~5.5 trillion requests per month[2] across some of the world’s largest e-commerce, streaming, media and entertainment, financial services, and technology companies.

Among the report’s key findings:

  • Adversaries performing mass scanning: 91% of attacks originating from NLX sources targeted multiple customers; 19% targeted over 100 different customers. This is a significant increase from Q2 2023 insights, where 69% of NLX sources targeted multiple customers.
  • Bots comprise more than one-third of Internet traffic: A significant amount of global internet traffic is attributed to requests generated by automation tools; approximately 36% of traffic originated from bots, while the remaining 64% came from human users.
  • Dramatic increase in usage of out-of-band domains to actively exploit three WordPress Plugin CVEs (CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000). Seven out-of-band domains were used to inject malicious content, install backdoors, and track infected applications.
  • Short-lived IP addresses help attackers evade detection: 49% of IP addresses added to NLX were listed for just one day, with the average duration being 3.5 days. Attackers use IPs for a short period to avoid detection, highlighting the importance of adaptive security controls that can mitigate varied threats.
  • High Tech remains top industry targeted, accounting for 37% of attacks, although slightly down from last year at 46%. Other top industries for 2024 include Media & Entertainment (21%) and Financial Services (17%).

“By performing mass scanning, attackers increase the likelihood of discovering vulnerable systems. The more targets scanned, the higher the probability of finding at least one exploitable weakness,” said Fastly Staff Security Researcher Simran Khalsa. “It’s not enough to respond to attacks. We must anticipate them, continuously adapt, and stay one step ahead. Based on trillions of requests across our global customer base, this new report provides an overview of the current threat landscape and actionable insights for security teams to help protect their valuable assets.”

To read the complete report, visit https://learn.fastly.com/security-threat-insights-report.

DNS DDoS Attacks Quadruple in H1 2024

In the first half of 2024, cyberattacks have surged globally, with Radware’s H1 2024 Global Threat Analysis Report shedding light on the alarming increase in malicious activity. Geopolitical tensions, international events, and the democratisation of AI are key drivers behind this escalation. Radware’s report outlines the various sectors and regions bearing the brunt of the assaults.

Key Findings:

  1. Application-Layer DNS DDoS Attacks Quadruple
    Compared to the same period in 2023, application-layer DNS DDoS attack activity quadrupled. This surge highlights the critical vulnerabilities within internet infrastructure. Finance organisations are the hardest hit, representing 52% of total Layer 7 DNS Flood attacks.
  2. EMEA: DDoS Hotspot
    The report emphasises that over 90% of web DDoS attacks targeted organisations in EMEA (Europe, the Middle East, and Africa). In a record-breaking event, a six-day attack on a financial institution peaked at 14.7 million requests per second (RPS), showcasing the rising sophistication of these assaults.
  3. North America Bears the Brunt of Web Application Attacks
    North America was the main target of web application and API attacks, accounting for 66% of the global volume. The growing dependence on cloud services and online applications in the region makes it particularly vulnerable.
  4. Hacktivist Activity Surges
    The hacktivist group NoName057(16) topped the charts with nearly 1,900 DDoS attacks claimed during the period. Ukraine remained a top target, with double the number of attacks compared to the same period in 2023.
  5. Network-Layer DDoS: A Finance Sector Nightmare
    Globally, finance organisations experienced 44% of network-layer DDoS attacks. The report also reveals a significant spike in attack volumes in EMEA and APAC regions, with average blocked attack volumes up by 293% and 302%, respectively.

Conclusion

The first half of 2024 has proven that cyber threats are evolving, becoming more frequent and powerful. As AI technologies become more accessible to threat actors, organisations across the globe need to bolster their defences to navigate the ever-growing threat landscape. Radware’s full Global Threat Analysis Report provides further insights into the challenges ahead.

For more details, download Radware’s 2024 Global Threat Analysis Report.

Entrust launches new cryptographic key management solution

Entrust has delivered a new KeyControl as a Service (KCaaS), providing organisations with control of their cryptographic keys while leveraging the benefits of the cloud.

From the company:

Existing key management solutions can lack advanced features required to meet evolving compliance mandates and security policy requirements. Moreover, they fail to provide comprehensive contextual information about cryptographic assets, hindering effective management and risk assessment. Entrust KeyControl’s support for geographically distributed vaults enables highly effective management of keys and secrets, while mitigating aggregation risks within a cryptographic ecosystem. This approach enables data protection that aligns with local security policies and helps ensure compliance with regulatory mandates.


“Traditional key management solutions often fall short in tracking and controlling keys and secrets throughout their lifecycles. As enterprises increasingly rely on cryptography to safeguard their applications, workloads, and data, this can lead to compliance and security challenges,” said Bhagwat Swaroop, President Digital Security at Entrust. “When it comes to cloud data security, the ability to create, use, and control encryption keys in the cloud is vital. As such, organizations are increasingly turning to cloud-based, as-a-service solutions to fulfill their cryptographic security requirements either in addition to or as a replacement for traditional on-premises solutions. Entrust KeyControl as a Service is designed specifically to help address the challenges of securing data everywhere − including in the cloud − and managing the keys and compliance in a heterogeneous and interoperable way.”

The new KCaaS solution helps address these challenges by offering a unified dashboard for complete visibility, traceability, compliance tracking, and an immutable audit trail of keys and secrets that can be conveniently managed through a cloud platform. Its decentralised vault architecture ensures keys remain secure within authorised endpoints, while also supporting a wide range of cryptographic use cases. Additionally, the platform offers decentralised security with centralised visibility across the enterprise cryptographic ecosystem. This means an organisation’s cryptographic assets are not confined to a single, central repository.

“Veeam® recognises how key management systems can enhance security and compliance,” said Stefan Renner, Technical Director of Product Management, Alliances at Veeam, an Entrust partner. “By running key management solutions as a service, such as Entrust KeyControl, in conjunction with Veeam Backup & Replication™ (part of Veeam Data Platform), we anticipate enterprises will leverage more flexibility in deployment of their workloads – enabling greater cyber resiliency and management.”

Key features and benefits of the KCaaS platform include:

  • Key Lifecycle Management: Automates key storage, backup, distribution, rotation, and revocation, simplifying the management of encrypted workloads.
  • Key Inventory: Provides a centralised dashboard for fine-grained control, compliance, and risk tracking, translating complex requirements into actionable insights.
  • Decentralized Vault Architecture: Ensures keys never leave their designated vaults except to authorised endpoints, enhancing security and control.
  • Flexible Use Cases: Supports a wide range of use cases, catering to diverse needs such as Key Management Interoperability Protocol (KMIP), cloud key management options like Bring Your Own Key (BYOK) and Hold Your Own Key (HYOK) deployments, secrets management, privileged account session management, tokenization, and database protection.
  • Compliance Management: Continuous tracking of keys and secrets against compliance standards or best practices.
  • Scalability: Seamlessly scales to support millions of keys and secrets.
  • Risk Scoring: Provides continuous risk assessment and tracking for keys and secrets, ensuring proactive management and mitigation of potential security threats.

By combining all the key elements of visibility, compliance, risk measurement, documentation, processes, data sovereignty, decentralisation, integration, and third-party support, Entrust KeyControl as a Service can help meet the stringent regulatory challenges faced by today’s enterprises.

KeyControl as a Service is certified to FIPS 140-2 Level 1. For organisations requiring higher levels of assurance, KeyControl as a Service can be seamlessly integrated with a FIPS 140-3 and Common Criteria EAL4+ certified Entrust nShield Hardware Security Module (HSM). The HSM provides an additional layer of security protecting the keys managed by KeyControl as a Service. It is also used in the process of generating cryptographic keys, ensuring high-quality entropy from the HSM’s random number generator is used in keys created and managed by KeyControl vaults irrespective of which vault type is deployed.

Entrust achieves FIPS 140-3 certification from US government

Entrust has announced that its latest generation of hardware security modules (HSMs), the nShield 5, has achieved the Federal Information Processing Standards (FIPS) 140-3 certification. This certification from the National Institute of Standards and Technology (NIST) is the latest in U.S. government computer security standards, validating the robust cryptographic capabilities of Entrust’s cutting-edge HSMs.

With the FIPS 140-3 Level 3 validation, Entrust nShield 5 HSMs stand among a select few that meet the stringent data security requirements demanded by governments, financial institutions, and enterprises worldwide. Featuring an innovative container-based architecture and a crypto-agile programmable security processor, the nShield 5 HSMs deliver up to 40% more performance compared to previous versions. This makes them an ideal solution for today’s high-security environments where data protection is paramount.

Earlier this year, Entrust’s nShield 5 HSMs also achieved Common Criteria EAL4+ certification, confirming their compliance with the European Union’s rigorous eIDAS requirements. Combined with the newly attained FIPS 140-3 certification, these certifications position Entrust nShield 5 HSMs as a trusted choice for organisations seeking comprehensive global regulatory compliance.

“Achieving FIPS 140-3 certification is a critical milestone,” said Giuseppe Damiano, VP of Product Management at Entrust. “This certification provides our customers with a solid security foundation that meets their most demanding requirements today and future-proofs their investments for evolving cryptographic standards, including post-quantum algorithms.”

To achieve this certification, Entrust underwent extensive testing and analysis by an accredited, independent third-party laboratory. Jason Lawlor, President of Lightship Security, remarked on the significance of this achievement: “Having an HSM with FIPS 140-3 certification is essential for organisations aiming to secure their data now and in the future. We were thrilled to work with Entrust to help their customers stay compliant and secure.”

In a world where encryption methods continue to evolve, crypto agility has never been more crucial. The nShield 5 HSM’s programmable security processor, a field-programmable gate array (FPGA), allows organisations to adapt to new encryption standards without needing costly and time-consuming hardware upgrades. This feature is especially important as the industry prepares for the challenges posed by quantum computing, which could render current encryption techniques obsolete.

Carl Persson, Sales Director Encryption at Verisec International AB, a long-standing partner of Entrust, praised the certification: “Our customers demand the highest level of assurance for their cryptographic keys, and the Entrust nShield family, now validated to FIPS 140-3, meets those expectations. This achievement, alongside Common Criteria certification, enhances the security and compliance features that make Entrust a leader in the industry.”

Entrust’s nShield 5 HSMs are designed to integrate seamlessly with Entrust KeyControl, the company’s flagship enterprise key management service. KeyControl provides comprehensive visibility, traceability, compliance tracking, and an immutable audit trail for cryptographic assets such as keys and secrets. With nShield 5 HSMs serving as a root of trust, customers can ensure that their keys and secrets remain secure within authorised endpoints, supporting a wide range of cryptographic use cases.

Google’s TAG Reveals Insights on APT42’s Aggressive Phishing Campaigns

Google’s Threat Analysis Group (TAG) has recently shared critical insights into the operations of APT42, an Iranian government-backed threat actor closely associated with Iran’s Islamic Revolutionary Guard Corps (IRGC). APT42 has ramped up its targeted phishing campaigns, particularly against Israel and accounts linked to the U.S. presidential election, highlighting a significant escalation in their activities.

APT42’s Targeting Patterns

APT42 has consistently focused on high-profile targets in both Israel and the U.S., including current and former government officials, diplomats, political campaigns, and individuals involved with think tanks, NGOs, and academic institutions influencing foreign policy. In the past six months, approximately 60% of APT42’s known geographic targeting has been concentrated in these two countries, underlining their strategic importance to the group’s objectives.

Spike in Targeting of Israeli Entities
Between February and July 2024, APT42 intensified its focus on Israel, targeting users with connections to the Israeli military, defense sector, diplomats, academics, and NGOs. In April, the group escalated its efforts, utilizing a variety of phishing tactics, including hosting malware, phishing pages, and malicious redirects. They often exploit popular services such as Google, Dropbox, and OneDrive to achieve their malicious aims.

One notable campaign involved APT42 creating a fake Google Sites page, masquerading as a petition from the legitimate Jewish Agency for Israel. This page, designed to deceive users into believing it was authentic, was used to harvest credentials through malicious redirects.

Credential Phishing Campaigns

APT42’s credential phishing campaigns are characterized by their sophisticated social engineering techniques, often impersonating legitimate organizations to appear credible. In one campaign, they masqueraded as the Washington Institute for Near East Policy to target Israeli diplomats, journalists, and U.S. think tank researchers. They have also used typosquat domains to deceive targets, such as “understandingthewar[.]org” to impersonate the Institute for the Study of War.
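The typosquat technique described above (a lookalike of a think tank’s real domain) is something a defender can screen for in proxy or DNS logs by comparing observed domains against a watchlist of the organisations most likely to be impersonated. The following is an added, defender-side example, not code from Google TAG or from this article. It assumes understandingwar.org is the legitimate domain of the Institute for the Study of War, uses example-thinktank.org as a constructed placeholder, and runs over constructed proxy log lines in a Squid-like layout:

```python
"""Flag lookalike (typosquat) domains in proxy logs against a watchlist.

Added defender-side example; not code from Google TAG or the article.
"""
import re

# Domains we want to protect from impersonation.
# ASSUMPTION: understandingwar.org is the Institute for the Study of War's
# legitimate domain; example-thinktank.org is a constructed placeholder.
WATCHLIST = ["understandingwar.org", "example-thinktank.org"]

# Constructed proxy log lines (Squid-like layout) for the demonstration.
# The fourth line uses a capital I in place of l, a common homoglyph trick.
SAMPLE_LOG = """\
1722340000.101 10.0.0.12 TCP_MISS/200 GET https://www.understandingwar.org/report -
1722340012.552 10.0.0.34 TCP_MISS/200 GET https://understandingthewar.org/login -
1722340020.004 10.0.0.34 TCP_MISS/200 GET https://example-thinktank.org/ -
1722340031.770 10.0.0.51 TCP_MISS/200 GET https://exampIe-thinktank.org:443/signin -
1722340045.300 10.0.0.77 TCP_MISS/200 GET https://docs.example.net/ -
"""

# Host part of a URL; stops at '/', whitespace or a ':port' suffix.
URL_HOST = re.compile(r"https?://([^/\s:]+)")


def levenshtein(a, b):
    """Edit distance between two strings (insert, delete, substitute = 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def normalise(host):
    """Lower-case (which also folds the I-for-l homoglyph), undo '[.]'
    defanging as used in threat reports, and strip a trailing dot."""
    return host.lower().replace("[.]", ".").rstrip(".")


def registrable(host):
    """Keep the last two labels only. A production version should use the
    Public Suffix List so that e.g. 'example.co.uk' is handled correctly."""
    parts = normalise(host).split(".")
    return ".".join(parts[-2:])


def lookalike_of(host, watchlist=WATCHLIST):
    """Return (legitimate_domain, distance) when `host` is a near miss of a
    watchlist entry, None when it is exact or unrelated. The tolerance is
    20% of the legitimate domain's length, so 'understandingthewar.org'
    (3 inserted characters) is caught while unrelated domains are not."""
    dom = registrable(host)
    if dom in watchlist:
        return None
    best = None
    for legit in watchlist:
        dist = levenshtein(dom, legit)
        tolerance = max(1, round(0.2 * len(legit)))
        if dist <= tolerance and (best is None or dist < best[1]):
            best = (legit, dist)
    return best


def scan_log(lines, watchlist=WATCHLIST):
    """Run the lookalike check over proxy log lines; return the hits."""
    hits = []
    for line in lines:
        m = URL_HOST.search(line)
        if not m:
            continue
        match = lookalike_of(m.group(1), watchlist)
        if match:
            hits.append({"host": normalise(m.group(1)),
                         "impersonates": match[0],
                         "distance": match[1]})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{hit['host']} looks like {hit['impersonates']} (distance {hit['distance']})")
```

Run on the sample, the exact legitimate domain passes, while the inserted-word variant from the article and the homoglyph variant are both reported; the tolerance scales with domain length so that short, unrelated domains are not flagged on a single differing character. A watchlist of the organisation’s own domains, its partners and the institutions it is publicly associated with is the practical input here.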

Focus on U.S. Presidential Election
APT42 has also targeted individuals affiliated with the U.S. presidential election, including current and former officials connected to both President Biden and former President Trump. Between May and June 2024, TAG detected attempts to compromise the personal email accounts of approximately a dozen individuals linked to these campaigns. Although TAG successfully blocked these attempts, they confirmed that APT42 had gained access to some accounts across multiple email providers.

Google’s Response

In response to these threats, Google’s TAG has taken several measures to disrupt APT42’s operations. This includes resetting compromised accounts, issuing government-backed attacker warnings to affected users, updating detection systems, and dismantling APT42’s infrastructure, including the removal of malicious Google Sites pages and the addition of harmful domains to Google’s Safe Browsing blocklist.

Google has also actively cooperated with law enforcement and advised campaign officials to enhance security protections, particularly given the increased threat from foreign state actors.

Conclusion

APT42’s aggressive and evolving tactics underscore the group’s commitment to advancing Iran’s political and military interests through cyber-espionage. As TAG continues to monitor and disrupt these campaigns, the importance of robust cybersecurity measures remains paramount for those in high-risk sectors.

HID unveils lineup for ASIAL exhibition

HID, the worldwide leader in trusted identity and physical access control solutions, has announced it will be at the 2024 ASIAL Security Exhibition and Conference in Sydney.

HID will showcase how advanced access control and digital identity solutions are driving digital transformation and enabling innovative and seamless workplace experiences for users and security administrators in today’s interconnected world.

Steve Katanas, Head of ANZ, Physical Access Control Solutions, said: “HID’s technology extends from physical to digital places to enable people to navigate between both worlds with confidence. Whilst the world is constantly evolving, we manage change proactively by continuously investing in future-proof innovations, so that our partners and customers can always count on us to meet their growing and evolving needs. We look forward to this year’s ASIAL Security Exhibition to present the latest access control and trusted identity solutions to the Australian security communities and to drive the market further into the future.”

WHAT: HID will showcase class-leading technologies such as biometric enrolment, readers for extreme weather conditions, mobile access, digital identity and advanced automation solutions. Exhibits and demonstrations will include:

FacePod biometric camera

HID’s biometric enrolment technology is ideal for airports, with facial recognition technology integrating with passport scanning and more to provide a seamless, secure user experience. At the gate, the same facial recognition technology can be combined with ASSA ABLOY gates to quickly and smoothly admit ticketed passengers to the airline without the need for human intervention, freeing up airline staff to focus on enhanced customer experience.

HID® Signo™ Mechanical Keypad Reader 40T

Designed to perform in the harshest conditions, the HID Signo Mechanical Keypad Reader 40T is perfect for extreme cold weather environments. This robust reader ensures reliable access control, even in the most challenging settings, demonstrating HID’s dedication to innovation and durability in their products.

HID® Signo™ White

The signature HID Signo Reader lineup has also been extended with the addition of the new ‘White’ range, which brings a new aesthetically pleasing look to the sleek, modern range of readers. Designed to look clean and modern, the new white range provides designers and architects with a bright, minimalistic alternative.

HID Mobile Access® Solutions in Apple Wallet & Google Wallet

HID is proud to present HID Mobile Access in digital wallets, allowing employees to deploy their mobile credentials to their personal device in either Apple Wallet or Google Wallet. This advancement allows users to effortlessly access secure areas using their smartphones and smart watches, enhancing both convenience and security. This integration reflects HID’s commitment to providing versatile and user-friendly solutions for modern access control needs.

ISPT: First CRE to Implement HID Mobile Access via Digital Wallet

As announced in July, ISPT has become the first Commercial Real Estate (CRE) entity to deploy HID Mobile Access through a digital wallet, in partnership with onUgo. This initiative showcases the practical use of HID technology in a modern, dynamic enterprise and how such solutions are simultaneously improving security and employee experience. Read more on the announcement here.

HID® SAFE™: Comprehensive Digital Identity and Physical Access Control

HID SAFE stands out as the only off-the-shelf solution offering complete digital identity and physical access control. It simplifies physical security compliance for distributed enterprises by integrating business, physical, and IT systems. HID SAFE synchronises identity management and physical access controls globally, managing who has access to specific spaces, when, and for how long. It also tracks the reasons for access and who authorised it, ensuring a robust and transparent security framework.

WHERE: HID will be at booth N38 at the 2024 ASIAL Security Exhibition from August 21-23, 2024 in ICC Sydney.

SentinelOne® Launches Singularity™ MDR

Full-scale service provides industry’s most complete expert coverage across entire enterprise, helping companies efficiently and effectively scale their security operations to defend against modern threats

Warwick Webb, Vice President, Managed Detection and Response, SentinelOne

SentinelOne (NYSE: S), a global leader in AI-powered security, today announced the general availability of Singularity MDR and Singularity MDR + DFIR at Black Hat 2024. Combining the power of SentinelOne’s AI-powered Singularity Platform with deep market-leading security expertise, this new, full-scale Managed Detection and Response (MDR) service provides enterprises with coverage across endpoints, identities, networks, cloud workloads and more, empowering them to secure their environments in an efficient, cost-effective and scalable way. The service is designed to meet the evolving needs of resource-constrained organisations who need support to get and stay ahead of the increasingly complex attacks they face.

The introduction of the new Singularity MDR builds upon the best of SentinelOne’s award-winning Vigilance MDR service, WatchTower threat hunting offering and DFIR services to provide 24x7x365 managed protection – all delivered and enabled through the company’s industry-leading AI technology and unparalleled cybersecurity expertise.

“To stay ahead of attacks and ensure business continuity, today’s organisations need the peace of mind provided by round-the-clock, tailored security that combines the efficiency of innovative technology and the proficiency of seasoned practitioners,” said Warwick Webb, Vice President, Managed Detection and Response, SentinelOne. “Singularity MDR is a future-forward solution that provides customers the coverage they need while maximising ROI.”

Built on the Singularity Platform, Singularity MDR harnesses the power of SentinelOne’s industry-leading threat experts and intelligence to provide enhanced detection and response coverage. With the solution, security teams get:

  • Trusted 24x7x365 expert coverage for endpoints, cloud workloads, identity and data provided by global skilled practitioners to ensure continuous detection and response protection.
  • Access to industry-leading threat hunting and MDR expertise with actionable analyses and the best signal-to-noise ratio to maximize the efficiency of their security operations.
  • Tailored service delivery from dedicated Threat Services Advisors to drive seamless integration.
  • End-to-end coverage, including managed threat hunting, DFIR retainers and Breach Response Warranty.

Singularity MDR will be generally available to customers globally on August 12th. For more information, please visit www.sentinelone.com.

Sysdig unveils Cloud Identity Insights to stop attacks in motion

Powered by Falco, Sysdig identifies attacks in motion by correlating identity behavior with workload activity across private, hybrid, and public clouds

Sysdig, the leader in real-time cloud security, today announced the launch of Cloud Identity Insights, an expansion of its cloud detection and response (CDR) capabilities designed to correlate identity behaviour with workload activity and cloud resources. Cloud Identity Insights can instantly detect compromised identities, help contain them in real time, and leverage smart policy optimisation to prevent future breaches. This deep and broad coverage is made possible by the next generation of Sysdig’s proven enterprise-ready agent, launched today. This next-gen agent builds on the company’s lightweight instrumentation to use 50% fewer resources and is supported by both a universally compliant second-generation eBPF probe and open source Falco.

“Identity is the connective tissue between detection and prevention,” said Shantanu Gattani, Vice President of Product Management at Sysdig. “Quarantining compromised identities is critical for both containing attacks in motion and stopping them in the future, but with a 240% upsurge in human and machine identities over the last year [1], understanding which identities are compromised is a challenge in and of itself. Identity abuse informs everything from an immediate and targeted threat response to a comprehensive and effective Zero Trust cloud strategy – that’s exactly where we enable security teams with Cloud Identity Insights.”

Sysdig Cloud Identity Insights

When it comes to cloud attacks, nearly 40% of breaches start with exploited credentials [2] – this makes them the most common entry point for attackers. Cloud defenders, however, face a distinct lack of insight into identities, their associated behaviour, and their relation to other cloud activities. Identity insights are often decoupled from workloads, a fatal flaw that empowers attackers to stay hidden as they move quietly across the cloud.

Detect compromise in seconds to preempt attacks: Suspicious user activity is often the first indicator of a breach. Cloud Identity Insights immediately alerts users to reconnaissance actions and privileged user creation, often early indicators of a breach. By automatically correlating events to identities in real time, Sysdig enables teams to comply with the 555 Benchmark for cloud detection and response.

Contain compromised identities: Once a compromised account has been detected, security teams have seconds to contain it before the attack escalates. With Sysdig Cloud Identity Insights, teams can outpace attackers by swiftly prioritising and responding with suggested containment actions that range in severity from forced password resets to user deactivation or deletion.

Prevent future attacks: Each identity remediation gives security analysts the opportunity to prevent future identity abuse with insightful context. Cloud Identity Insights automatically recommends smart policy optimisation by evaluating the permissions exploited by a compromised account during the incident, and highlights the riskiest roles and users in the environment.
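The three steps above (correlate events to an identity and spot reconnaissance followed by privileged user creation; choose a containment action proportionate to what was seen; then compare the permissions the account actually exercised with what it was granted) can be illustrated end to end on a handful of audit records. The following is an added example and is not Sysdig’s code or Falco rule syntax: the records are constructed CloudTrail-style JSON, the identities and the granted-permission set are placeholders, and the lists of reconnaissance and privilege-granting API names and the containment suggestions are this example’s own assumptions.

```python
"""Correlate cloud audit events to the identities behind them and rank them.

Added illustration of the detect / contain / prevent steps; the records are
constructed CloudTrail-style JSON and the action lists and containment
suggestions are this example's own assumptions, not Sysdig's.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Read-only enumeration calls: routine on their own, suspicious in a burst.
RECON_ACTIONS = {"ListUsers", "ListRoles", "GetAccountAuthorizationDetails",
                 "ListBuckets", "DescribeInstances"}
# Calls that create a new identity or widen an existing one's privileges.
PRIV_ACTIONS = {"CreateUser", "CreateAccessKey", "AttachUserPolicy",
                "CreateLoginProfile", "PutUserPolicy"}

CI = "arn:aws:iam::123456789012:user/ci-deploy"   # constructed identities
ALICE = "arn:aws:iam::123456789012:user/alice"


def _ev(hhmmss, name, arn, **extra):
    """Build one constructed CloudTrail-like record for the sample data."""
    rec = {"eventTime": f"2024-08-01T{hhmmss}Z", "eventName": name,
           "userIdentity": {"arn": arn}, "sourceIPAddress": "198.51.100.7"}
    rec.update(extra)
    return rec


# ci-deploy enumerates the account, then creates an admin user: the pattern
# the Detect step is looking for. alice's single listing call is routine.
SAMPLE_EVENTS = [
    _ev("12:00:05", "ListUsers", CI),
    _ev("12:00:21", "GetAccountAuthorizationDetails", CI),
    _ev("12:00:40", "ListBuckets", CI),
    _ev("12:01:30", "CreateUser", CI,
        requestParameters={"userName": "backup-admin"}),
    _ev("12:01:41", "AttachUserPolicy", CI,
        requestParameters={"userName": "backup-admin",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}),
    _ev("12:02:00", "ListBuckets", ALICE),
    _ev("12:02:10", "GetObject", ALICE),
]

# Constructed policy: what ci-deploy is allowed to call (for the Prevent step).
CI_GRANTED = {"ListUsers", "GetAccountAuthorizationDetails", "ListBuckets",
              "CreateUser", "AttachUserPolicy", "GetObject", "PutObject"}


def _when(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def group_by_identity(events):
    """Detect, part 1: attribute every event to the identity that made it."""
    by_id = defaultdict(list)
    for rec in events:
        by_id[rec["userIdentity"]["arn"]].append(rec)
    for recs in by_id.values():
        recs.sort(key=_when)
    return by_id


def assess(events, window=timedelta(minutes=10), recon_burst=3):
    """Detect + contain: flag identities whose reconnaissance is followed by
    privilege creation inside `window`, attaching a proportionate action."""
    findings = []
    for arn, recs in group_by_identity(events).items():
        recon = [r for r in recs if r["eventName"] in RECON_ACTIONS]
        if not recon:
            continue
        start = _when(recon[0])
        escalation = [r for r in recs if r["eventName"] in PRIV_ACTIONS
                      and start <= _when(r) <= start + window]
        if escalation:
            findings.append({"identity": arn, "severity": "critical",
                             "containment": "deactivate user, revoke access keys",
                             "evidence": [r["eventName"] for r in recon + escalation]})
        elif len(recon) >= recon_burst:
            findings.append({"identity": arn, "severity": "medium",
                             "containment": "force password reset, notify owner",
                             "evidence": [r["eventName"] for r in recon]})
    return findings


def permission_review(events, arn, granted):
    """Prevent: which granted permissions the identity exercised during the
    incident, and which it never used (candidates for removal)."""
    used = {r["eventName"] for r in events if r["userIdentity"]["arn"] == arn}
    return {"exercised": sorted(used & set(granted)),
            "unused": sorted(set(granted) - used)}


if __name__ == "__main__":
    for f in assess(SAMPLE_EVENTS):
        print(f["severity"], f["identity"], "->", f["containment"], f["evidence"])
    print(permission_review(SAMPLE_EVENTS, CI, CI_GRANTED))
```

On the sample data only ci-deploy is reported, as critical, because its enumeration calls are followed within the window by CreateUser and AttachUserPolicy; alice is not reported at all. Shrinking the window so the privilege calls fall outside it downgrades the same identity to a medium, reset-and-notify finding, which is the proportionality the Contain step calls for. The review for ci-deploy then shows the two object-storage permissions it never used, the kind of output that drives the policy tightening described in the Prevent step.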

Expanded Coverage Across Private, Public, and Hybrid Clouds

Stopping unknown threats early in the attack chain requires comprehensive coverage across private and public clouds, as well as correlation between workloads, identities, platform as a service (PaaS), and cloud activity. With this new release, Sysdig is expanding its leadership in agent and agentless cloud-native application protection platform (CNAPP) instrumentation to help security teams detect and respond at cloud speed.

Gain universal compatibility with eBPF: Building on the company’s extensive contributions to eBPF, the universally compliant second-generation eBPF probe further simplifies deployment and gives organisations greater flexibility regarding where and how they develop cloud-native applications. This eBPF update offers extensive coverage of Linux and Windows hosts and Kubernetes nodes to deliver kernel-level visibility into workloads without cumbersome administrator privileges.

Scale confidently with the next-generation agent: Sysdig’s next-generation agent delivers the comprehensive visibility of a mature agent with the resource requirement of a lightweight sensor. It uses 50% fewer resources than the company’s already resource-light instrumentation while delivering real-time threat detection at the edge. Finally, it provides a unified agent experience across clusters and hosts, both in private cloud (OpenShift, VMware, etc.) and public cloud environments, providing comprehensive protection from uncovering vulnerabilities to identifying live attacks.

Unify threat detection with Falco: With this new release, Sysdig extends Falco to assess cloud and PaaS activity along with host, container, and Kubernetes activity. This unifies threat detection in a single language and allows defenders to spot sophisticated attacks that originate outside the customer’s cloud and ultimately make their way into the cloud estate.

Introducing the Milestone Melbourne Experience Centre

In this episode of Security Solutions TV, we speak with Jordan Cullis, Director of Sales Asia Pacific and Morten Illum, Chief Revenue Officer at Milestone Systems, about the opening of their new Melbourne Experience Centre.

They explain how this exciting new space has been designed from the ground up to help consultants, integrators and customers better understand how Milestone and its partners can help solve real-world security challenges more effectively.

For more information visit www.milestonesys.com

The Ethical Development of AI in Security

In this episode of the Security Insider podcast, we are looking at the ethical development and deployment of AI in the security space. We all know that AI is set to play a crucial role in the future of not just security but society as a whole.

Amongst the many challenges around the development of AI are ensuring that privacy, transparency, security, and fairness remain paramount in any discussion and development.

To help us better understand these issues, we are speaking with Philip Meyer. Philip is a Technology Strategist at Microsoft, where he has worked for over 30 years. He helps Microsoft Partners build solutions and services for various sectors using Microsoft’s wide range of products and technologies. His main areas of expertise are Migration to the Cloud, Hybrid Cloud implementations, Artificial Intelligence and Security. He has also held roles in Product Marketing, Business Development and Team Management in his career at Microsoft. Philip will be presenting on AI and the way we, as an industry, might better navigate this uncertain future at the upcoming ASIAL Security Conference being held in Darling Harbour from the 21st to the 22nd of August.