In just the last two months, the cybercriminal-controlled botnet known as TrickBot has become, by some measures, public enemy number one for the cybersecurity community. It's survived takedown attempts by Microsoft, a supergroup of security firms, and even US Cyber Command. Now it appears the hackers behind TrickBot are trying a new technique to infect the deepest recesses of infected machines, reaching beyond their operating systems and into their firmware.

Security firms AdvIntel and Eclypsium today revealed that they've spotted a new component of the trojan that TrickBot hackers use to infect machines. The previously undiscovered module checks victim computers for vulnerabilities that would allow the hackers to plant a backdoor in deep-seated code known as the Unified Extensible Firmware Interface, which is responsible for loading a device's operating system when it boots up. Because the UEFI sits on a chip on the computers motherboard outside of its hard drive, planting malicious code there would allow TrickBot to evade most antivirus detection, software updates, or even a total wipe and reinstallation of the computer's operating system. It could alternatively be used to "brick" target computers, corrupting their firmware to the degree that the motherboard would need to be replaced.

The TrickBot operators' use of that technique, which the researchers are calling "TrickBoot," makes the hacker group just one of a handfuland the first that's not state-sponsoredto have experimented in the wild with UEFI-targeted malware, says Vitali Kremez, a cybersecurity researcher for AdvIntel and the company's CEO. But TrickBoot also represents an insidious new tool in the hands of a brazen group of criminalsone that's already used its foothold inside organizations to plant ransomware and partnered with theft-focused North Korean hackers. "The group is looking for novel ways to get very advanced persistence on systems, to survive any software updates and get inside the core of the firmware," says Kremez. If they can successfully penetrate a victim machine's firmware, Kremez adds, "the possibilities are endless, from destruction to basically complete system takeover."

While TrickBoot checks for a vulnerable UEFI, the researchers have not yet observed the actual code that would compromise it. Kremez believes hackers are likely downloading a firmware-hacking payload only to certain vulnerable computers once they're identified. "We think they've been handpicking high-value targets of interest," he says.

The hackers behind TrickBot, generally believed to be Russia-based, have gained a reputation as some of the most dangerous cybercriminal hackers on the internet. Their botnet, which at its peak has included more than a million enslaved machines, has been used to plant ransomware like Ryuk and Conti inside the networks of countless victims, including hospitals and medical research facilities. The botnet was considered menacing enough that two distinct operations attempted to disrupt it in October: One, carried out by a group of companies including Microsoft, ESET, Symantec, and Lumen Technologies, sought to use court orders to cut TrickBot's connections to the US-based command-and-control servers. Another simultaneous operation by US Cyber Command essentially hacked the botnet, sending new configuration files to its compromised computers designed to cut them off from the TrickBot operators. It's not clear to what degree the hackers have rebuilt TrickBot, though they have added at least 30,000 victims to their collection since then by compromising new computers or buying access from other hackers, according to security firm Hold Security.

AdvIntel's Kremez came upon the new firmware-focused feature of TrickBotwhose modular design allows it to download new components on the fly to victim computersin a sample of the malware in late October, just after the two attempted takedown operations. He believes it may be part of an attempt by TrickBot's operators to gain a foothold that can survive on target machines despite their malware's growing notoriety throughout the security industry. "Because the whole world is watching, they've lost a lot of bots," says Kremez. "So their malware needs to be stealthy, and that's why we believe they focused on this module."

"The possibilities are endless, from destruction to basically complete system takeover."

Vitali Kremez, AdvIntel

After determining that the new code was aimed at firmware meddling, Kremez shared the module with Eclypsium, which specializes in firmware and microarchitecture security. Eclypsium's analysts determined that the new component Kremez found doesn't actually alter a victim PC's firmware itself, but instead checks for a common vulnerability in Intel UEFIs. PC manufacturers who implement Intel's UEFI firmware often don't set certain bits in that code designed to prevent it from being tampered with. Eclypsium estimates that configuration problem persists in tens of millions or even possibly hundreds of millions of PCs. "They're able to look and identify, OK, this is a target that we're going to be able to do this more invasive or more persistent firmware-based attack," says Eclypsium principal researcher Jesse Michaels. "That seems valuable for this type of widespread campaign where their specific goals may be ransomware, bricking systems, being able to persist in environments."

More:
The Internets Most Notorious Botnet Has an Alarming New Trick - WIRED

AUSTIN, Texas--(BUSINESS WIRE)--Salient Systems has appointed Tom Bogan and Lane Bess to its Board of Directors. Both are titans in enterprise software and bring a wealth of experience and knowledge to guide Salients next stage of growth.

Bogan is currently Vice Chairman of Workday, a leading provider of enterprise cloud applications for finance and human resources, helping customers adapt and thrive in a changing world. Throughout his career, he has been an executive, investor, and board member of several highly successful software companies, including Rational Software, Citrix Systems and Adaptive Insights. He was previously a partner at Greylock, a premier Silicon Valley venture capital firm.

Tom is a well-known and highly respected executive and entrepreneur, who most recently built Adaptive Insights into a $1 billion-plus company, culminating in an acquisition of the company by Workday, said David Hood, Salients CEO. We are thrilled to have Tom join our board. His experience with market transitions and innovating business models for competitive advantage will be of great value for our journey at Salient. Bogan added, I am excited about joining Salients board and truly believe that Salient can build on its accomplishments to provide a new category of value with video.

Bess brings a wealth of experience and is a well-known Silicon Valley tech veteran. He has previously served as COO of Zscaler, an innovator and leader in cloud-based Internet security service, and as CEO of Palo Alto Networks, where he led the initiative to scale the company toward its IPO.

We are incredibly fortunate to have someone with Lanes wealth of experience in cybersecurity and enterprise software join our board, Hood said. His cybersecurity domain expertise and his extensive entrepreneurial talent will be crucial to Salients growth as we move into the next phase of our evolution as a company. Bess added, I see parallels to companies I have led and advised, and I am impressed with Salients strategic roadmap.

The addition of Bess and Bogan to the board will be instrumental to Salients evolution beyond security, to a software provider that serves as a core data platform fueling business intelligence. In addition to the appointments of Bess and Bogan, Salient has further fueled its transformation by welcoming aboard executives with strong enterprise software backgrounds.

Salients path forward is to further commit to the open architecture strategy that has been central to its growth so far. Its award-winning video management software platform, CompleteView, is ideally suited to integrate and interoperate with the systems necessary to enable best-in-breed solutions that deliver on both the security and business intelligence end users need.

We believe the single-vendor, end-to-end security solution leaves significant value on the table for end users, who want to get the most business insights out of their systems, Hood said. With innovation continuing to accelerate, single-vendor solutions cant provide the dynamic, adaptive value that businesses want and need.

We chose Salient's platform because its open architecture and ability to integrate with best in class analytics solutions translated into a tremendous return on investment as we can meet security, compliance, and business needs, said a top ten Global LTL logistics customer. Beside meeting surveillance needs, our operations department uses video-based analytics in association with Salient's platform to better evaluate customers demands and improve efficiencies of staff to provide a better experience and increase revenue.

Salient is focused on continuing to achieve more shared success across security and business functions in modern enterprises. To better accommodate enterprise purchasing preferences, Salient recently expanded its offerings to include a subscription offer for its leading video management software.

For more information, please contact info@salientsys.com.

About Salient Systems

Salient is the leading software provider of comprehensive, enterprise-class Video Management Software and Systems. For 25 years, Salient has delivered best-in-class video surveillance solutions for critical infrastructure, transportation, logistics, retail, education, and more. Salient leverages intelligent video technology to mitigate risk, improve service delivery, and drive positive business outcomes for customers worldwide. Salients award winning CompleteView VMS platform offers a full range of applications for unmatched scalability through a fully open architecture. Citi Bank, Kirkland's, University of Notre Dame, ABF Freight, Nike and thousands of other customers trust Salient to provide powerful video-enabled surveillance and business intelligence solutions for today and tomorrow.

The rest is here:
Two Tech Industry Titans Join Salient Systems Board of Directors - Business Wire

Today's highlighted deal comes via our Online Courses section of the Neowin Deals store, where for only a limited time, you can save $6,431 off this Complete InfoSec & Business Continuity Bundle. The ultimate eLearning package with 22 courses on IT industry-standard certifications CompTIA, SSCP, CFR, CISM, and more.

Internet security has never been as important as it is today with more information than ever being handled digitally around the globe. From a personal to business level, having enough knowledge of cybersecurity will keep your data, systems, and networks from the constantly evolving digital threats. The Complete 2020 CyberSecurity & Ethical Hacking Bundle offers 22 courses on the most essential skills and certifications in the IT industry.

For a full description, specs, and instructor info, click here.

This Complete InfoSec & Business Continuity Bundle normally costs $6,490, but you can pick it up for just $59 for a limited time - that represents a saving of $6,431.

>> Learn more, or get this deal now See all discounted Online Courses on offer. This is a time-limited deal.Get $1 credit for every $25 spent Give $10, Get $10 10% off for first-time buyers.

If this offer doesn't interest you, why not check out the following offers:

Disable Sponsored posts Neowin Deals Free eBooks Neowin Store

Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerce's privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs.

More:
Save over $6,400 off this Complete InfoSec & Business Continuity Bundle - Neowin

The Internet Security Audit market study Added by Affluence Market Reports, provides Detailed analysis on various segments such as industry analysis (industry trends), market share analysis of top players, and company profiles, which together provide an overall view on the competitive landscape; emerging and high-growth segments of the Internet Security Audit market; high-growth regions; and market drivers, restraints, challenges, and opportunities.

The Internet Security Audit market report elaborates insights on the Market Diversification (Exhaustive information about new products, untapped regions, and recent developments), Competitive Assessment (In-depth assessment of market shares, strategies, products, and manufacturing capabilities of leading players in the Internet Security Audit market).

Request for Sample Copy of Internet Security Audit Market with Complete TOC and Figures & Graphs @ https://www.affluencemarketreports.com/industry-analysis/request-sample/689078/

Market segmentation based on the Key Players, Types & Applications.

Top Key Players in Internet Security Audit market:

Internet Security Audit Market Report based on Product Type:

Internet Security Audit Market Report based on Applications:

Get Extra Discount on Internet Security Audit Market Report, If your Company is Listed in Above Key Players List @ https://www.affluencemarketreports.com/industry-analysis/request-discount/689078/

Regional Analysis Covered in this Report are:

Impact of COVID-19 on Internet Security Audit Market

The report also contains the effect of the ongoing worldwide pandemic, i.e., COVID-19, on the Internet Security Audit Market and what the future holds for it. It offers an analysis of the impacts of the epidemic on the international Market. The epidemic has immediately interrupted the requirement and supply series. The Internet Security Audit Market report also assesses the economic effect on firms and monetary markets. Futuristic Reports has accumulated advice from several delegates of this business and has engaged from the secondary and primary research to extend the customers with strategies and data to combat industry struggles throughout and after the COVID-19 pandemic.

For More Details on Impact of COVID-19 on Internet Security Audit Market https://www.affluencemarketreports.com/industry-analysis/covid19-request/689078/

This report brings together multiple data sources to provide a comprehensive overview of Internet Security Audit market. the report includes analysis on the following

Make Inquiry for More Insights about Internet Security Audit Market: https://www.affluencemarketreports.com/industry-analysis/request-inquiry/689078/

Internet Security Audit Market highlights the following key factors:

About Affluence:

Affluence Market Reports is the next generation of all your research needs with a strong grapple on the worldwide market for industries, organizations, and governments. Our aim is to deliver exemplary reports that meet the definite needs of clients, which offers an adequate business technique, planning, and competitive landscape for new and existing industries that will develop your business needs.

We provide a premium in-depth statistical approach, a 360-degree market view that includes detailed segmentation, key trends, strategic recommendations, growth figures, Cost Analysis, new progress, evolving technologies, and forecasts by authentic agencies.

For more Details Contact Us:

Affluence Market Reports

Contact Person: Mr. Rohit

Phone Number: U.S +1-(424) 256-1722

Email: [emailprotected]

Website: http://www.affluencemarketreports.com

See the rest here:
Internet Security Audit Market is Expected to Exhibit an Upward Growth Trend Across Widespread Verticals | Affluence - The Think Curiouser

Internet of Things (IoT) Security Technology Market Overview

The Global Internet of Things (IoT) Security Technology Market is showing positive signs of growth. With the current COVID-19 pandemic scenario, new business opportunities are sprouting in the market. Organizations must explore new markets to expand their business globally and locally. For getting a deeper understanding of the emerging trends, the Global Internet of Things (IoT) Security Technology Market report showcases various factors that drive the economy worldwide. Moreover, the companies will get to know the market landscape for the next decade 2020-2027.

The Global Internet of Things (IoT) Security Technology Market report has been uniquely designed to cater to the needs of the businesses of the 21st century. Going digital is the new normal. Moreover, companies can get to understand their strengths and weaknesses after assessing the market. The next decade is going to be ruled by customer-centric services. To align the business operations, the management team can utilize the actionable recommendations offered at the end of the Global Internet of Things (IoT) Security Technology Market report. Factors that can lift or reduce the business are termed as the external factors that also govern the functioning of the market or industries as a whole.

Before designing the blueprint, every business group can go through the Global Internet of Things (IoT) Security Technology Market report to understand the key business areas. For shaping a new business venture or expanding into a new market, every company must look into the opportunities and threats that are lurking in the current market. To make an efficient business plan, corporations need to understand the market dynamics that will shape the market in the forecast period (2020-2027).

Following key players have been profiled with the help of proven research methodologies:

Internet of Things (IoT) Security Technology Market: Competitive Landscape

To get a head start in a new market, every enterprise needs to understand the competitive landscape and the basic rules that have kept the specific market afloat. The global Internet of Things (IoT) Security Technology Market report unravels the secret ingredients used by competitors to meet the demands of their target audience. For specifically understanding the need to balance the capital invested with profits, organizations must use specific indicators. These indicators will not only help in pointing towards growth but also act as an alert to the upcoming threats in the near future. A proper business plan and approach can guarantee a smooth path ahead for every organization.

If the firms believe in offering a memorable experience to their prospective customers, the Global Internet of Things (IoT) Security Technology Market report is going to be very useful. Facts and figures are churned into this investigative report to share the strengths and weaknesses of the company. With new technologies being introduced every day, many new entrants have started their business in the market. So, to understand their approach towards the market, the Global Internet of Things (IoT) Security Technology Market report has a dedicated section. From the financial aspect to legal, the market report covers all the major things required to study the market and put the business plan in action. Not only this, the competitors added in the report can be altered as per the clients needs and expectations. Furthermore, the companies get a basic outline of moves, in the Global Internet of Things (IoT) Security Technology Market report, that can push the business to emerald heights, both in terms of sales and customer generation for the estimated time frame (2020-2027).

Internet of Things (IoT) Security Technology Market Segmentation:

The Internet of Things (IoT) Security Technology Market has been examined into different global market segments such as type, applications, and global geographies. Each and every global market segment has been studied to get informative insights into various global regions.

Internet of Things (IoT) Security Technology Market Segment by Type:

Internet of Things (IoT) Security Technology Market Segment by Application:

Internet of Things (IoT) Security Technology Market Segment by Global Presence:

North America Latin America Middle East Asia-Pacific Africa Europe

The report has been aggregated by using a couple of research methodologies such as primary and secondary research techniques. It helps in collecting informative pieces of professional information for deriving effective insights into the market. This informative report helps in making well informed and strategic decisions throughout the forecast period.

Internet of Things (IoT) Security Technology Market: Scope of the Report

To properly get a deeper understanding of the Global Internet of Things (IoT) Security Technology Market, this detailed report is the best choice for businesses. To boost the business along with gaining an edge over the competition, every enterprise needs to focus on the pain points of the market (under investigation). Our experienced professionals have collated facts and figures.

This in-depth analysis has revealed many fascinating facts for organizations. For smooth functioning, every business needs to be flexible towards the latest market trends. For this, the framework must be designed to adapt to the trends running at the moment. An end-to-end examination done on the target crowd helped in building the fundamental segment of the investigation, namely the external factors. These have a high tendency to push or pull the industries. Entire industries can either flourish or wipe out due to these uncontrollable factors. Global Internet of Things (IoT) Security Technology market report shows the most affordable options for new as well as established business players to gain market share.

With the highly experienced and motivated team at your service, the team also provides the impact of major factors such as Porters five forces. In the Global Internet of Things (IoT) Security Technology Market, every business runs on the image that is generated digitally in the current decade. Hence, companies need to understand the legal hurdles also. Moreover, with the in-depth study conducted across the various market verticals, it is crystal clear that stakeholders also play a significant role in running the business. Get all the details in the Global Internet of Things (IoT) Security Technology Market report and understand your competitors.

Key questions answered through this analytical market research report include:

What are the latest trends, new patterns and technological advancements in the Internet of Things (IoT) Security Technology Market? Which factors are influencing the Internet of Things (IoT) Security Technology Market over the forecast period? What are the global challenges, threats and risks in the Internet of Things (IoT) Security Technology Market? Which factors are propelling and restraining the Internet of Things (IoT) Security Technology Market? What are the demanding global regions of the Internet of Things (IoT) Security Technology Market? What will be the global market size over the coming future? What are the different effective business strategies followed by global companies?

If you have any custom requirements, please let us know and we will offer you the customized report as per your requirements.

About Us:

Market Research Intellect provides syndicated and customized research reports to clients from various industries and organizations with the aim of delivering functional expertise. We provide reports for all industries including Energy, Technology, Manufacturing and Construction, Chemicals and Materials, Food and Beverage, and more. These reports deliver an in-depth study of the market with industry analysis, the market value for regions and countries, and trends that are pertinent to the industry.

Contact us:

Mr. Steven Fernandes

Market Research Intellect

New Jersey ( USA )

Tel: +1-650-781-4080

Website https://www.marketresearchintellect.com/

Read more from the original source:
Internet of Things (IoT) Security Technology Market Size 2020 | Opportunities, Regional Overview, Top Leaders, Revenue and Forecast to 2027 -...