Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Ryuk Ransomware
Astro Locker Data Breach ICedID Mandiant Threat Intelligence Mount Locker RDP Ryuk Ransomware

Quantum Ransomware was Detected in Several Network Attacks

 

Quantum ransomware, originally spotted in August 2021, has been found carrying out fast attacks which expand quickly, leaving defenders with little time to react. The assault began with the installation of an IcedID payload on a user endpoint, followed by the launch of Quantum ransomware 3 hours and 44 minutes later. It was identified by DFIR Report researchers as one of the fastest ransomware attacks it had ever seen. IcedID and ISO files have recently been utilized in other attacks, as these files are great for getting past email security safeguards.

According to Mandiant's M-Trends 2022 study, the threat actors began encrypting the victim's data only 29 hours after the first breach in a Ryuk ransomware assault in October 2020. The median global dwell period for ransomware is around 5 days. However, once the ransomware has been installed, the data of the victim may be encrypted in minutes. According to a recent analysis from Splunk, ransomware encrypts data in an average of 43 minutes, with the fastest encryption time being less than 6 minutes. 

The IcedID payload was stored within an ISO image which was presumably distributed by email in the examined Quantum ransomware outbreak. The malware was disguised as a "document" file, which was an LNK file designed to run a DLL (IcedID). Several discovery activities were run when the DLL was executed, utilizing various built-in Windows functions, and a scheduled job was constructed to ensure persistence. 

Cobalt Strike was installed into the victim system about two hours after the first breach, allowing the attackers to begin 'hands-on-keyboard' behavior. The fraudsters then began network reconnaissance, which included identifying each host in the environment as well as the active directory structure of the target organization. After releasing the memory of LSASS, the intruders were able to steal Windows domain credentials and spread laterally via the network. 

Cobalt Strike was also used by the attackers to collect credentials and test them for remote WMI detection tasks. The credentials enabled the adversary to log in to a target server through the remote desktop protocol (RDP), from which they attempted to distribute Cobalt Strike Beacon. The malicious actors then used RDP to access other servers in the system, where they prepared to deliver Quantum ransomware per each host. Threat actors eventually used WMI and PsExec to deliver the Quantum ransomware payload and encrypt devices via WMI and PsExec. 

The Quantum Locker ransomware is a rebranded version of the MountLocker malware, which first appeared in September 2020. Since then, the ransomware gang has gone by several names, including AstroLocker, XingLocker, and Quantum Locker, which is now in its current phase. 

While the DFIR report claims since no data exfiltration activity was detected in the assault they investigated, researchers claim the ransom demands for this gang fluctuate based on the victim, with some attacks seeking $150,000 in exchange for a decryptor. Quantum Locker, unlike its prior versions, is not a highly active operation, with only a few attacks per month.
Read more »
Ransomware
Australia Crypto Crime Cyber Security Ransomware

AUSTRAC Publishes New Guidance on Ransomware and Crypto Crime

 

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released two new financial guides for businesses to detect and prevent criminal abuse of digital currencies and ransomware. 

Each guide provides practical recommendation to assist businesses detect if a payment is related to a ransomware assault, or if someone is exploiting digital currencies and blockchain technology to commit crimes such as tax evasion, terror financing, scams or money laundering. 

The guideline implored businesses to be on the lookout for users who tried to obfuscate the trail of their digital assets transactions by using mixers, privacy assets, and decentralized finance (DeFi) platforms suspiciously. 

Among the particular indicators, Austrac recommends being careful when figuring out if somebody is using digital currencies for terrorism financing, for example, is when transactions to crowdfunding or online fundraising campaigns are linked to ideologically or religiously motivated violent extremism centered boards, or when a buyer account receives a number of small deposits, that are instantly transferred to private wallets. 

In the meantime, some indicators of identifying when an individual is a sufferer of a ransomware assault, according to Austrac, include when a customer increases the limit on their account after which rapidly sends funds to a third party; following a preliminary giant digital currency transfer, a customer has little or no additional digital forex exercise; and when a newly onboarded customer desires to make a direct and huge buy of digital currency, followed by a direct withdrawal to an exterior digital currency address. 

"Financial service providers need to be alert to the signs of criminal use of digital currencies, including their use in ransomware attacks," Austrac CEO Nicole Rose said in a statement. 

The guides have been released in response to the increase in cyber threats to Australia. In 2020-21, 500 ransomware attacks were reported, marking a 15% increase from the previous fiscal year, analysts at Austrac noted. 

Earlier this month, IDCare reported that over 5,000 customer details of former cryptocurrency exchange Alpha were exposed online. The details included the driver's license, passport, proof of age, and national identity card images of 232 Australians and 24 New Zealanders. 

IDCare initially discovered the breach in late January when it noticed a post for sale on a Chinese-speaking platform for $150, before it was eventually posted to be accessed without spending a dime on another online forum called Breached.

"This event poses a serious risk to the identities of any involved. Due to the nature of the identity documents discovered, we urge anyone who had any dealings with AlphaEx to contact us," IDCare said.
Read more »
Phishing Scams
Data Breach Fraud Email HTML HTTP IMAP IP Address IRS Phishing Scams

Cybercriminals Impersonate Government Employees to Spread IRS Tax Frauds

 

At end of the 2021 IRS income tax return deadline in the United States, cybercriminals were leveraging advanced tactics in their phishing kits, which in turn granted them a high delivery success rate of spoofed e-mails with malicious attachments. 

On April 18th, 2022, a notable campaign was detected which invested phishing e-mails imitating the IRS, and in particular one of the industry vendors who provide services to government agencies which include e-mailing, Cybercriminals chose specific seasons when taxpayers are all busy with taxes and holiday preparations, which is why one should be extra cautious at these times.

The impersonated IT services vendor is widely employed by key federal agencies, including the Department of Homeland Security, as well as various state and local government websites in the United States. The detected phishing e-mail alerted victims about outstanding IRS payments, which should be paid via PayPal, and included an HTML attachment which looked like an electronic invoice. Notably, the e-mail has no URLs and was delivered to the victim's mailbox without being tagged as spam. The e-mail was delivered through many "hops" based on the inspected headers, predominantly using network hosts and domains registered in the United States.

It is worth mentioning that none of the affected hosts had previously been 'blacklisted,' nor had any evidence of bad IP or anomalous domain reputation at the time of identification. The bogus IRS invoice's HTML attachment contains JS-based obfuscation code. Further investigation revealed embedded scenarios which detected the victim's IP (using the GEO2IP module, which was placed on a third-party WEB-site), most likely to choose targets or filter by region. 

After the user views the HTML link, the phishing script shall prompt the user to enter personal credentials, impersonating the Office 365 authentication process with an interactive form.

The phishing-kit checks access to the victim's e-mail account through IMAP protocol once the user enters personal credentials. The actors were utilizing the "supportmicrohere[.]com" domain relying on the de-obfuscated JS content. 

Threat actors most likely tried to imitate Microsoft Technical Support and deceive users by utilizing a domain with similar spelling. The script intercepts the user's credentials and sends them to the server using a POST request. Login and password are sent to the jbdelmarket[.]com script through HTTP POST. A series of scripts to examine the IP address of the victim is hosted on the domain jbdelmarket[.]com. The phishing e-header emails include multiple domain names with SPF and DKIM records. 

A Return-Path field in the phishing e-mail was set as another e-mail controlled by the attackers which gather data about e-mails that were not sent properly. The Return-Path specifies how and where rejected emails will be processed, and it is used to process bounces from emails.
Read more »
survey
Cyber Security Privacy Report Research Safety Safety Measures survey

Survey: 89% Firms Experienced One or More Successful Email Breach

 

During the past 12 months, 89 percent of firms had one or more successful email intrusions, resulting in significant expenses. 

The vast majority of security teams believe that their email protection measures are useless against the most significant inbound threats, such as ransomware. This is according to a survey of business customers using Microsoft 365 for email commissioned by Cyren and conducted by Osterman Research. The survey examined issues with phishing, business email compromise (BEC), and ransomware threats, attacks that became costly incidents, and readiness to cope with attacks and incidents. 

“Security team managers are most concerned that current email security solutions do not block serious inbound threats (particularly ransomware), which requires time for response and remediation by the security team before dangerous threats are triggered by users,” according to the report.

Less than half of those surveyed felt their companies can prevent email threats from being delivered. Whereas, less than half of firms consider their current email security solutions to be efficient. Techniques to detect and stop mass-mailed phishing emails are seen as the least effective, followed by safeguards against impersonation attacks. 

As a result, it's perhaps unsurprising that nearly every company polled has experienced one or more sorts of email breaches. Overall, successful ransomware attacks have climbed by 71% in the last three years, Microsoft 365 credential compromise has increased by 49%, and successful phishing assaults have increased by 44%, according to the report. 

Email Defences 

When the firms looked into where email defence falls short, they discovered that, surprisingly, the use of email client plug-ins for users to flag questionable communications is on the upswing. According to a 2019 survey, half of the firms now employ an automatic email client plug-in for users to flag questionable email messages for review by skilled security personnel, up from 37% in 2019. The most common recipients of these reports are security operations centre analysts, email administrators, and an email security vendor or service provider, however, 78 percent of firms alert two or more groups. 

In addition, most firms now provide user training on email dangers, according to the survey: More than 99% of companies provide training at least once a year, and one out of every seven companies provides email security training monthly or more regularly. 

“Training more frequently reduces a range of threat markers Among organizations offering training every 90 days or more frequently, the likelihood of employees falling for a phishing, BEC or ransomware threat is less than organizations only training once or twice a year,” as per the report.

Furthermore, the survey discovered that more regular training leads to a higher number of suspicious messages being reported, as well as a higher percentage of these messages being reported as such. The survey also revealed that firms are utilising at least one additional security product to supplement Microsoft 365's basic email protections. However, the survey discovered that their implementation efficacy differs. 

The report explained, “Additive tools include Microsoft 365 Defender, security awareness training technology, a third-party secure email gateway or a third-party specialized anti-phishing add-on. There is a wide range of deployment patterns with the use of these tools.”

The firms came to the conclusion that these kinds of flaws, as well as weak defences in general, result in significant expenses for businesses.

“Costs include post-incident remediation, manual removal of malicious messages from inboxes, and time wasted on triaging messages reported as suspicious that prove to be benign. Organizations face a range of other costs too, including alert fatigue, cybersecurity analyst turnover, and regulatory fines” the report further read.
Read more »
Zero Day exploit
Miami Hacking Contest Vulnerabilities and Exploits Zero Day exploit

ICS Exploits Earn Hackers $400,000 at Pwn2Own Miami Hacking Contest

 

Pwn2Own Miami 2022 has come to an end, and Zero Day Initiative says the competitors earned $400,000 for 26 zero-day exploits (and multiple vulnerability collisions) targeting ICS and SCADA products exhibited during the contest held last week. 

The contest, organized by Trend Micro’s Zero Day Initiative (ZDI), saw 11 participants targeting multiple production categories: Control Server, OPC Unified Architecture (OPC UA) Server, Data Gateway, and Human Machine Interface (HMI). 

"Thanks again to all of the competitors who participated. We couldn’t have a contest without them," Trend Micro's Zero Day Initiative (ZDI) said today. “Thanks also to the participating vendors for their cooperation and for providing fixes for the bugs disclosed throughout the contest.”

After the safety vulnerabilities abused throughout Pwn2Own are reported, distributors are given 120 days to launch patches till ZDI publicly discloses them. 

The highest payout went to Computest Sector 7 researchers Daan Keuper (@daankeuper) and Thijs Alkemade (@xnyhps). During day one, they earned $20,000 after executing code on the Inductive Automation Ignition SCADA control server solution using a missing authentication vulnerability. 

The same day they used an uncontrolled search path bug to secure remote code execution (RCE) in AVEVA Edge HMI/SCADA software and were awarded $20,000 for their efforts. The next day, Computest Sector 7 exploited an infinite loop condition to trigger a DoS state against the Unified Automation C++ Demo Server and earned $5,000.

Last but not least, on day two of Pwn2Own Miami 2022, the Computest Sector 7 team earned $40,000 for successfully bypassing the trusted application check on the OPC UA .NET standard. This was the maximum amount that Pwn2Own participants could earn for a single exploit, and Computest’s attempt involved what ZDI described as one of the most interesting bugs ever seen at Pwn2Own. In fact, the Computest team earned the most points and a total of $90,000. 

This year's Pwn2Own Miami took place at the S4 conference in Miami South Beach in person and also allowed remote participation. In 2020, in the first edition of Pwn2Own on ICS, participants won a total of $ 280,000. This event did not take place in 2021 due to the COVID-19 pandemic.
Read more »
More Eggs Malware
Corporate Networks Hackers Hiring Linkedin malware More Eggs Malware

Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

 

A year after potential candidates looking for work on LinkedIn were tempted with weaponized job offers, a new series of phishing assaults carrying the more eggs malware has been detected attacking corporate hiring supervisors with false resumes as an infection vector. 

Keegan Keplinger, eSentire's research and reporting lead said in a statement, "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting job seekers with fake job offers."
 
Four separate security events were identified and disrupted, according to the Canadian cybersecurity firm, three of which happened towards the end of March. A U.S.-based aerospace company, a U.K.-based accounting firm, a legal firm, and a hiring agency, all based in Canada, are among the targets. 

The malware, which is thought to have been created by a threat actor known as Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing sensitive data and lateral movement across a hacked network. 

Keplinger stated, "More_eggs achieves execution bypassing malicious code to legitimate windows processes and letting those windows processes do the work for them."
 
The goal is to leverage the resumes as a decoy to launch the malware and sidestep detection. Apart from the role reversal in the mode of operation, it's unclear what the attackers were after, given that the attacks were stopped before they could carry out their intentions. However, it's worth noting that, once deployed, more eggs might be used as a launchpad for further assaults like data theft and ransomware. 

"The threat actors behind more_eggs use a scalable, spear-phishing approach that weaponizes expected communications, such as resumes, that match a hiring manager's expectations or job offers, targeting hopeful candidates that match their current or past job titles," Keplinger stated.
Read more »
Telegram
Atlas VPN Cyber Attacks Darkweb LAPSUS$ NVIDIA Sensitive Data Leak SIM Swapping T-Mobile Telegram

T-Mobile Reveals its Security Systems were Hacked via Lapsus$ Hackers

 

T-Mobile acknowledged on Friday it had been the subject of a security compromise in March when the LAPSUS$ mercenary group gained access to its networks. The admission occurred after investigative journalist Brian Krebs published internal chats from LAPSUS$'s key members, revealing the group had infiltrated the company many times in March previous to the arrest of its seven members. 

After analyzing hacked Telegram chat conversations between Lapsus$ gang members, independent investigative journalist Brian Krebs first exposed the incident. T-Mobile said in a statement the breach happened "a few weeks ago" so the "bad actor" accessed internal networks using stolen credentials. "There was no customer or government information or any similarly sensitive information on the systems accessed, and the company has no evidence of the intruder being able to get anything of value," he added.

The initial VPN credentials were allegedly obtained from illegal websites such as Russian Market in order to get control of T-Mobile staff accounts, enabling the threat actor to conduct SIM switching assaults at anytime. 

The conversations suggest how LAPSUS$ had hacked T-Slack Mobile's and Bitbucket accounts, enabling the latter to obtain over 30,000 source code repositories, in addition to getting key to an internal customer account management application called Atlas. In the short time since it first appeared on the threat scene, LAPSUS$ has been known for hacking Impresa, NVIDIA, Samsung, Vodafone, Ubisoft, Microsoft, Okta, and Globant. 

T-Mobile has acknowledged six previous data breaches since 2018, including one in which hackers gained access to data linked to 3% of its members. T-Mobile acknowledged it had disclosed prepaid customers' data a year later, in 2019, and unknown threat actors had acquired access to T-Mobile workers' email accounts in March 2020. Hackers also acquired access to consumer private network information in December 2020, and attackers accessed an internal T-Mobile application without authorization in February 2021. 

According to a VICE investigation, T-Mobile, unsuccessfully, tried to prevent the stolen data from being posted online after paying the hackers $270,000 through a third-party firm in the aftermath of the August 2021 breach. After its stolen sensitive information turned up for sale on the dark web, the New York State Office of the Attorney General (NY OAG) alerted victims of T-August Mobile's data breach would face elevated identity theft risks. 

The City of London Police announced earlier this month as two of the seven adolescents arrested last month for alleged potential connections to the LAPSUS$ data extortion group, a 16-year-old, and a 17-year-old had been charged.
Read more »
Technology
Botnet cryptocurrency Crytomining Technology

Docker Servers Targeted by LemonDuck Cryptomining Campaign

 

LemonDuck botnet operators have launched a large-scale Monero cryptomining campaign targeting Docker APIs on Linux servers. Cryptomining hackers are a persistent danger to Docker systems that aren’t properly shielded or configured, with multiple mass-exploitation efforts recorded in recent years.

The cryptomining malware was first identified in 2019 by researchers from Trend Micro while targeting enterprise networks. Previously, the botnet has targeted Microsoft Exchange servers, Linux machines via SSH brute force attacks, Windows systems susceptible to SMBGhost, and servers running Redis and Hadoop instances. 

Methodology Employed 

The LemonDuck botnet secures access to the exposed Docker APIs and runs a malicious container to fetch a Bash script disguised as a PNG image. 

The script is downloaded from the domain t.m7n0y[.]com, which was observed in other LemonDuck attacks. 

“The “core.png” file acts as a pivot by setting a Linux cronjob inside the container. Next, this cronjob downloads another disguised file “a.asp,” which is actually a Bash file,” Crowdstrikes researchers explained. “The “a.asp” file is the actual payload in this attack. It takes several steps before downloading and starting a mining operation once it is triggered by a cronjob, as follows.” 

The Bash file (a.asp) performs the following actions: 

• Kill processes based on names of known mining pools, competing cryptomining groups, etc. 
• Kill daemons like crond, sshd and syslog. 
• Delete known indicator of compromise (IOC) file paths. 
• Kill network connections to C2s known to belong to competing cryptomining groups. 
• Disable Alibaba Cloud’s monitoring service that protects instances from risky activities. 

Last year in November, cryptomining malware used by unknown attackers was found to disable protective mechanisms in Alibaba Cloud services. After doing the above tasks, the Bash script then downloads and executes the cryptomining program XMRig and a configuration file that hides the actor’s wallets behind proxy pools. 

After the initially infected machine has been set up to mine, Lemon_Duck attempts lateral movement by leveraging SSH keys found on the filesystem. If those are available, the attacker will employ them to carry out a second infection. Hiding the Docker APIs properly on cloud instances is currently the only solution for avoiding LemonDuck crypto-mining attacks.
Read more »
Trend Micro
Alibaba Amazon Web Services AWS Cisco Talos Crypto Mining Cyber Security Kubernetes Linux TeamTNT Trend Micro

AWS, and Alibaba Cloud was Attacked by Crypto Miners

 

An intel source recently provided Cisco Talos with modified versions of the TeamTNT cybercrime team's infected shell scripts, an earlier version of which was documented by Trend Micro. The malware creator modified these tools after learning that security experts had disclosed the prior version of its scripts. These scripts are intended primarily for Amazon Web Services (AWS), but they might also be used on-premise, in containers, or in other Linux instances. 

There are multiple TeamTNT payloads focusing on bitcoin mining, persistence, and lateral movement employing tactics like identifying and installing on with all Kubernetes pods in a local network, in addition to the primary credential stealer scripts. A script containing user credentials for the distribution system server and another with an API key which may allow remote access to a tmate shared login session is also included. Defense evasion functions aimed at defeating Alibaba cloud security technologies are included in some TeamTNT scripts.

When it comes to decision making obtaining credentials, the script looks for them in the following places and APIs: 

  • It attempts to obtain the string 'AWS' from /proc/*/environ from the Linux system environment variables. 
  • Obtaining the string 'AWS' from Docker environment variables with the command $(docker inspect $) (docker ps -q).
  • /home/.aws/credentials and /root/.aws/credentials are the default AWS CLI credential file locations.
While the query itself will not be caught by Cisco Secure Cloud Analytics, the alert "AWS Temporary Token Persistence" will detect later use of these credentials to generate further temporary credentials. Finally, the virus saves any credentials acquired by the preceding functions to the file "/var/tmp/TeamTNT AWS STEALER.txt" and uses cURL to transfer it to the URL http://chimaera[.]cc/in/AWS.php before deleting it. 

No CloudTrail, GuardDuty, or SCA events were generated when the script ran on the target EC2 instance for all network traffic was restricted by the VPC Security Group such as the script could not access TeamTNT's servers. 

The core of the defense impairment functions is directed against Alibaba Cloud Security's numerous agents, how, they also target Tencent Cloud Monitor and third-party BMC Helix Cloud Security, agents. While the bulk of malicious scripts targets AWS Elastic Compute Cloud (EC2) virtual machines, these bots are most typically detected running inside Alibaba Cloud Elastic Compute Service (ECS) or a Tencent Cloud VM. They could theoretically be put on a VM operating on AWS or any other service, but it would be unusual. TeamTNT makes no attempt to disable AWS CloudWatch, Microsoft Defender, Google Cloud Monitor, Cisco Secure Cloud Analytics, CrowdStrike Falcon, Palo Alto Prisma Cloud, or other popular cloud security tools in the United States. 

The Alibaba defense damage routines have been retrieved and saved here from the script Kubernetes root payload 2.sh. Since static analysis of the defense impairment functions is problematic due to the presence of multiple Base64 encoded strings, those functions have been decrypted and placed back into the file ali-defense-impairment-base64-decoded.sh.txt. 

"Cybercriminals who have been exposed by security researchers should update those tools to keep functioning successfully," stated Darin Smith of Talos. 

The serious remote code execution problem in Spring Framework (CVE-2022-22965) has been leveraged to deploy cryptocurrency miners, in yet another example of how threat actors quickly co-opt recently revealed flaws into existing attacks. To deploy the cryptocurrency miners, the exploitation efforts employ a unique web shell, but not before switching off the firewall and disabling other virtual currency miner processes.
Read more »
Windows
Cyber Criminals malware QBot Spyware Windows

Emotet Malware: Shut Down Last Year, Now Showing a Strong Resurgence

 

The notorious Emotet malware operation is exhibiting a strong resurgence more than a year after being effectively shut down. Check Point researchers put the Windows software nasty at the top of their list as the most commonly deployed malware in a March threat index, threatening or infecting as many as 10% of organisations around the world during the month – an almost unbelievable figure, and more than double that of February. 

Now, according to Kaspersky Labs, a swiftly accelerating and sophisticated spam email campaign is intriguing targets with fraudulent emails designed to swindle them into unpacking and installing Emotet or Qbot malware, which can steal data, collect information on a compromised corporate network, and move laterally through the network to install ransomware or other trojans on networked computers. 

Qbot, which is associated with Emotet's operators, is also capable of accessing and stealing emails. In a blog post this week, Kaspersky's email threats protection group manager, Andrey Kovtun, stated. In February, Kaspersky discovered 3,000 malicious Emotet-linked emails, followed by 30,000 a month later, in languages including English, French, Italian, Polish, Russian, and Spanish. 

Kovtun wrote, "Some letters that cybercriminals send to the recipients contain a malicious attachment. In other cases, it has a link which leads to a file placed in a legitimate popular cloud-hosting service. Often, malware is contained in an encrypted archive, with the password mentioned in the e-mail body." 

The spam email often claims to include essential information, such as a commercial offer, in order to persuade the recipient to open the attachment or download the harmful file via the link. "Our experts have concluded that these e-mails are being distributed as part of a coordinated campaign that aims to spread banking Trojans," he wrote further. 

Cryptolaemus, a group of security researchers and system administrators formed more than two years ago to combat Emotet, announced on Twitter this week that one of the botnet subgroups has switched from 32-bit to 64-bit for loaders and stealer modules, indicating the botnet's operators' continued development. Emotet immediately resurfaced in the malware world's upper echelons. Europol, along with police departments from the United States, Germany, the United Kingdom, and Ukraine, completed a multinational takedown of the primary botnet deploying Emotet in February 2021. Raids on the accused operators' houses in Ukraine were part of the operation. 

The raid, according to Europol, substantially impacted Emotet's operations, which were used to infiltrate thousands of firms and millions of computers around the world. However, in publishing its March threat index, Check Point Research stated that Emotet resurfaced in November 2021 and has gained traction after the Trickbot botnet infrastructure was shut down in February. It is once again the most common malware. 

The researchers wrote, "This was solidified even further [in March] as many aggressive email campaigns have been distributing the botnet, including various Easter-themed phishing scams exploiting the buzz of the festivities. These emails were sent to victims all over the world with one such example using the subject 'Buona Pasqua, happy easter,' yet attached to the email was a malicious XLS file to deliver Emotet." 
Read more »
Security Tools
Cloud Network Cyber Security Encryption Tools infosec Security Tools

To Reliably Govern Multi-Cloud Workloads, IT Leaders Demand Better Security Insights

 

Gigamon has revealed the results of a Pulse. qa poll of IT and InfoSec experts to identify hurdles in progressing current multi-cloud plans. 

According to a recent Pew Research poll, 64 percent of Americans prefer to work in either an entirely remote or hybrid environment, pushing organizations to deal with the growing complexity of transferring and expanding workloads in the cloud. As a result, respondents to the Pulse.qa poll rank transparency over cloud data-in-motion as the most important security element globally. 

"Deep observability across hybrid and multi-cloud setups are required for every firm to stay competitive in a world of enhanced security risk and IT complexity. While each company's journey to service and infrastructure modernization is unique, bridging this visibility gap is critical to safeguarding and optimizing the network in order to provide a superior user experience." Gigamon's VP of brand and technical marketing, Bassam Khan, explained. 

Multi-cloud methods' challenges 

  • The successful administration of multi-cloud infrastructures is being hampered by increasing complexity and cost — 99 percent of respondents said the team lacked or violated an app service-level agreement (SLA) owing to challenges caused by an overly complicated cloud infrastructure. 
  • Attempts by tech executives to transfer and boost workloads in the cloud are being hampered by rising costs and complexity – High cloud expenses, according to 67 percent of respondents, are hindering the firms' ability to transfer applications and workloads as quickly as they need; 96 percent said connectivity bottlenecks or complex cloud troubleshooting attempts hold down migration efforts. 
  • The expense and complexities of cloud infrastructure deplete resources for other ventures and apps, frustrating already overworked IT employees — IT employee irritation was a close second (51%) to a lack of budget (61%) for critical applications. 

82 percent of IT and InfoSec leaders favor best-of-breed third-party security tools over cloud platform provider technologies to overcome these cloud migration bottlenecks and issues. Furthermore, the percent prefers a single point of visibility across the whole environment to a compartmentalized approach to cloud problems.

In a comparable pattern, multi-cloud is utilized. It gives organizations more ways to take advantage of the cloud's benefits. In response to demand, multi-cloud is certainly one of the most popular techniques.
Read more »
Subscribe to: Comments (Atom)