Tag: Migration | SpinSafe

Menlo Security Finds Cloud Migration and Remote Work Gives Rise to New Era of Malware, Highly Evasive Adaptive Threats (HEAT)

February 2, 2022/in Computer Security

MOUNTAIN VIEW, Calif.–(BUSINESS WIRE)–Menlo Security, a leader in cloud security, today announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats (HEAT), that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection. HEAT attacks are used to deliver malware or to compromise credentials, that in many cases leads to ransomware attacks.

In an analysis of almost 500,000 malicious domains, The Menlo Security Labs research team discovered that 69% of these websites used HEAT tactics to deliver malware. These attacks allow bad actors to deliver malicious content to the endpoint by adapting to the targeted environment. Since July 2021, Menlo Security has seen a 224% increase in HEAT attacks.

“With the abrupt move to remote working in 2020, every organization had to pivot to a work from an anywhere model and accelerate their migration to cloud-based applications. An industry report found that 75% of the working day is spent in a web browser, which has quickly become the primary attack surface for threat actors, ransomware and other attacks. The industry has seen an explosion in the number and sophistication of these highly evasive attacks and most businesses are unprepared and lack the resources to prevent them,” said Amir Ben-Efraim, co-founder and CEO of Menlo Security. “Cyber Threats are a mainstream problem and a boardroom issue that should be on everyone’s agenda. The threat landscape is constantly evolving, ransomware is more persistent than ever before, and HEAT attacks have rendered traditional security solutions ineffective.”

HEAT attacks leverage one or more of the following core techniques that bypass legacy network security defenses:

Evades Both Static and Dynamic Content Inspection: HEAT attacks evade both signature and behavioral analysis engines to deliver malicious payloads to the victim using innovative techniques such as HTML Smuggling. This technique is used by…

Source…

Preparing for the Post-Quantum Migration: A Race to Save the Internet | Womble Bond Dickinson

July 30, 2021/in Internet Security

National agencies and scientific institutions are well aware of the threat of quantum computers to existing cryptography. In 2015, the United States National Security Agency first published warnings of the need to transition to quantum-resistant algorithms. One year later, the National Institute of Standards and Technology (“NIST”) began a standardization initiative for post-quantum cryptography and secure operating parameters. Post-quantum cryptography is the study of crypto-systems that can be run on a conventional computer and is sufficiently secure against both quantum and conventional computers. However, the trial process is lengthy and NIST continues to review and scrutinize potential quantum-resistant algorithms. The initiative identified five classes of cryptographic systems that are currently quantum-resistant: lattice based; multivariate-quadratic-equations; hash-based; code-based; and supersingular elliptic curve isogeny. NIST is expected to announce the first algorithm to qualify for standardization within the next two years.

During this transition period while the world awaits NIST’s findings, there are measures that can be taken now to begin securing data against quantum computing and preparing for the upcoming migration. Organizations should begin the engineering work necessary to prepare their infrastructure for the implementation of post-quantum cryptography as soon as the migration is ready. To begin preparing now, experts recommend that organizations create a reference index for those applications that use encryption and ensure that current and future systems have sufficient cryptographic agility. Reference indexing allows organizations to assess quantum vulnerabilities ensuring that all applications are migrated, minimizing the risk of incidents occurring in one part of their digital ecosystem. It is essential that organizations perform an ongoing assessment of their risks and migrate quickly to prevent systemic data insecurity.

Organizations should develop a plan to transition to quantum-resistant encryption. Planning ahead will minimize system down time and provide flexibility for responding to any implementation flaws. Organizations can utilize their…

Source…

Singapore’s migration to cloud continues, and expect more SaaS once we secure it, says GovTech • The Register

June 30, 2021/in Computer Security

Singapore wants to change the role of industry to co-develop digital projects alongside government and leave behind the days of wholesale outsourcing, or so says GovTech, the city-state’s digital services arm.

“It would be relevant to understand the changing role that industry plays in supporting the government in the digitalisation journey,” said conversation moderator Shirley Wong in an online briefing today. “The government is not insourcing all projects with their engineering capabilities built up, as demand is very huge.”

She added:

GovTech’s director of procurement, Yu Ling Mah, encouraged companies interested in partnering to upskill their employees on cloud, data science, AI, ML, Agile, and secure cyber practices to win bids from the organisation.

Wong and Mah also emphasised that companies should not take on entire projects, but instead leverage central platforms built by GovTech to reduce overall effort.

In 2018, Singapore laid out a five-year plan [PDF] to migrate 70 per cent of its less sensitive government IT systems from on-premises infrastructure to the commercial cloud. A canned statement from GovTech last week said that close to 600 systems had been migrated to date.

Mah said the migration was on target.

As for SaaS, Mah said it was part of her workplan for 2021. “Beyond moving past applications to be hosted on the cloud, the next phase is a lot of adoption of the SaaS that agencies are looking at. We are reviewing some of our procurement approaches in terms of how best this can be done because the SaaS offerings out there may not be able to meet all our security requirements.”

Mah is looking at aggregation of demand on common needs of SaaS, adding: “I think you’ll probably see some things on this phase maybe this year, and the move toward SaaS is picking up too.”

The government is expected to spend S$3.8bn (US$2.8bn) this year on ICT, up from S$3.5bn (US$2.6bn) in 2020. Of this amount, S$2.7bn…

Source…

Global Email Security Market Forecast Report 2021-2025: New Malware Techniques Drive Market Growth as Organizations Accelerate Cloud Migration Due to the COVID-19 Pandemic – ResearchAndMarkets.com | Business

April 23, 2021/in Computer Security

DUBLIN–(BUSINESS WIRE)–Apr 23, 2021–

This research service analyzes the global email security market.

Email remains the number one threat vector. It is the primary mode of corporate communication and the de facto standard for B2B and B2C communications. During the COVID-19 pandemic, email continues to be the chief channel for business communication, and this trend is driven by the surging trend of working from home.

Over the past few years, the complexity and the volume of threats have increased significantly. Email-based threats have become big business; specific verticals and individuals within organizations are targeted. Threat vectors continue to evolve, and the need for secure email has never been stronger. Attackers are more focused on people and less on systems. Business email compromise (BEC) fraud continues to affect organizations, both large and small. Consequently, traditional security solutions that are designed to protect systems and infrastructure are now inadequate.

Sophisticated and highly targeted email-borne attacks are on the rise, and many of these attacks use social engineering techniques. For businesses of all sizes, this is a serious problem as the legitimate communication channel they rely on extensively, email, is also the channel of choice to deliver malware and malwareless attacks. Advanced attacks combine email and cloud accounts. Cybercriminals are also leveraging pandemic-driven fears and uncertainties to launch their attacks.

The most significant trend in the market is the acceleration of the migration to the cloud. Customers are adopting cloud-based mailbox services and moving their email security to the cloud from on-premise appliances. The substantial adoption of Microsoft Office 365 has caused the biggest loss of email security posture for organizations.

As a result, organizations are looking for integrated solutions to increase operational efficiencies while gaining stronger and more comprehensive security. In such a competitive environment, email security vendors must be able to differentiate themselves.

Executive Summary – Market Engineering Measurements
Executive Summary – CEO’s Perspective
Introduction to the…

Source…

Tag Archive for: Migration