Tag Archive for: Proactively

CrowdStrike Introduces CrowdStrike Asset Graph to Help Organizations Proactively Identify and Eliminate Blind Spots

/in


AUSTIN, Texas and RSA Conference 2022, SAN FRANCISCO – June 6, 2022 – CrowdStrike (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today introduced CrowdStrike Asset Graph, a new graph database powered by the CrowdStrike Security Cloud that provides IT and security leaders with a 360-degree view into all assets (both managed and unmanaged) alongside unprecedented visibility into their attack surface across devices, users, accounts, applications, cloud workloads, operational technology (OT) and more to simplify IT operations and stop breaches.

As organizations accelerate their digital transformation, they are expanding their attack surface exponentially. This has dramatically increased their risk exposure to adversaries who are discovering and exploiting these soft targets and vulnerabilities faster than IT and security teams can discover them. Visibility is one of the foundational principles of cybersecurity because you cannot secure and defend the assets you don’t know exist. This, in turn, creates a race between adversaries and companies’ IT and security teams to find these blind spots. According to a 2022 report from Enterprise Strategy Group (ESG), “69% of organizations have experienced a cyberattack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset.”

CrowdStrike Asset Graph solves this problem by dynamically monitoring and tracking the complex interactions between assets, providing a single holistic view of the risks those assets pose. While other solutions simply provide a list of assets without context, Asset Graph provides graphic visualizations of the relationships between all assets such as devices, users, accounts, applications, cloud workloads and OT, along with the rich context necessary for proper security hygiene and proactive security posture management to reduce risk in their organizations.

“Digital transformation has led to an equal and pronounced acceleration of security transformation in the modern enterprise. For companies furthest along on this journey, IT operations and security teams – once distinct silos – are…

Source…

How to Proactively Limit Damage From BlackMatter Ransomware

/in


The BlackMatter ransomware strain that’s been used in numerous attacks against US critical infrastructure entities and other large organizations in recent months has a serious logic flaw in its code that limits the malware’s effectiveness in some situations.

Organizations that can trigger the faulty logic can potentially mitigate the damage that BlackMatter can cause in their environment, Illusive said in a report Friday.

Illusive researchers discovered the flaw when they observed the ransomware failing to encrypt shares of remote computers in the company’s test environment. A closer inspection of the code showed that BlackMatter encrypts other computers in the same network only if the environment is configured in a particular way.

The logic flaw gives organizations a way to prevent BlackMatter from encrypting file shares, says Shahar Zelig, security researcher at Illusive.

“But it is important to note that the compromised device would still be encrypted,” he says. “And if an attacker has compromised multiple devices, it could still run BlackMatter to encrypt all those devices. This logic flaw is specially about remote shares.”

BlackMatter surfaced in July 2021 soon after the DarkSide ransomware-as-a-service operation shut down following an attack on Colonial Pipeline that stirred concern — and reaction — all the way from the White House down. Like DarkSide, BlackMatter is being distributed under a ransomware-as-a-service model. The malware has been used in attacks against at least two organizations belonging to the US food and agriculture sector and several other critical infrastructure targets. Operators of the ransomware have published data belonging to at least 10 large organizations across the US, Canada, UK, India, Brazil, Thailand, and Chile.

Security vendors that have analyzed the malware describe its payload as highly efficient, small (about 80Kb in size), well-obfuscated, and running mostly in memory. An analysis conducted by Varonis showed the operators of BlackMatter typically gain initial access by compromising vulnerable edge devices, including remote desktops and VPNs, or by abusing login credentials obtained from other sources. 

Concerns over BlackMatter prompted…

Source…

Tervis Chooses OpenDNS Enterprise to Proactively Prevent Malware and Botnets – YAHOO!

/in

OpenDNS, the world’s largest and fastest-growing provider of Internet security and DNS services that deliver a safer, faster and more intelligent Internet experience to everyone, today announced Tervis is using OpenDNS Enterprise, the preferred solution of …
“internet security” – read more