India, 2nd April 2021: Back at the start of his career 10 years ago, working in the fast-growing internet services companies, Mr. Eftekhar knew deep in his mind that dependence on the internet will only rise exponentially and the millions of connected homes and businesses will be needing a practical and robust tool to get the best of internet, minus the threats and dangers it brings along.

With a deep understanding of IP networking, coupled with his sparkling talent in application networking, Eftekhar U Chy started building the 1st-ever do-it-yourself or DIY internet control and security solution Audra (www.audra.io). The rising tech-titan and his AI/ML-powered cloud solution bring new hope for SMEs in their fearless growth. With an on-prem appliance, tagged with machine learning backed robust AI-cloud application, which is also conveniently controlled by a mobile app, Audra is definitely the answer to many homes and small businesses across Asia and beyond. When it comes to internet security, Audra aims to be the right fit for them.

Eftekhar now spearheads the Singapore-based technology entity Dotlines as its CTO. The group continues to bag spectacular growth across continents, with the innovations Eftekhar and his vigorous technology organization bring for the group. The group does business in more than 12 verticals, all powered by his state-of-the-art technology platforms.

Audra is a key vertical in our group, and it offers a complete suite of solutions across the internet pyramid. It gives efficient protection for ISPs, iron-clad security for enterprises, productivity and safeguarding for small-medium businesses, parental control and threat-prevention for homes, and finally easily-done protection for personal devices, said Eftekhar.

He informed that 80% of hackers choose Asian SMEs as an easy target because they are well-unprotected. Not only that, 60% of employees spend one-third of their time doing personal stuff, and thus SMEs lose a lot on the productivity side.

He added, Asia is thriving on the substantial SME base, and we see they are increasingly getting digitalized. Countries like Indonesia, India are no different. But most of them think they are not vulnerable, find market solutions complex and 90% of them have no IT personnel to manage office network. We at Dotlines, always do purpose-driven innovation, and Audra is an outcome of that philosophy. We built Audra in a way, so that, it is extremely simple to set up (no IT background needed), convenient to set rules for productivity and security of office network (pre-set rules, control from an easy user app in the phone) and affordable for SME owners to own this with no hassle.

India, with its massive base of 60+ million MSMEs, need a solid answer to the concerns they have, when it comes to business digitalization. We strongly believe Audra is the best of the answers. Therefore, with our proven tracks in Indonesia, Malaysia, we are confident, SMEs in India will also adopt the simple, convenient and affordable products and security benefits Audra offers, concluded Eftekhar.

Audras marvel is set around its superbly practical end-user-based design-thinking and highly efficient solution architecture. Its sophisticated machine learning algorithm powers up its Cloud AI, which delivers unprecedented practicality and robustness, when it comes to internet control to bring employee productivity in and push known/unknown cyber threats out.

To know more, visit Audra.

Read the original:
Dotlines CTO Eftekhar builds the first-ever DIY productivity & security solution - Hindustan Times

Fireless malware attacks and cryptominers are coming back in force, while ransomware attacks are on the decline.

This is according to WatchGuard Technologies new Internet Security Report for Q4 2020.

Among its most notable findings, the report reveals that fileless malware and cryptominer attack rates grew by nearly 900% and 25% respectively, while unique ransomware payloads plummeted by 48% in 2020 compared to 2019.

Additionally, the WatchGuard Threat Lab found that Q4 2020 brought a 41% increase in encrypted malware detections over the previous quarter and network attacks hit their highest levels since 2018.

WatchGuard's report looked more closely at various trends and attack types, including fileless malware, cryptominers, ransomware, encrypted and evasive malware, botnet malware, supply chain attacks, trojan dupes and network attacks.

Fileless malware

Fileless malware rates in 2020 increased by 888% over 2019.

According to WatchGuard, these threats can be particularly dangerous due to their ability to evade detection by traditional endpoint protection clients and because they can succeed without victims doing anything beyond clicking a malicious link or unknowingly visiting a compromised website.

Toolkits such as PowerSploit and CobaltStrike allow threat actors to easily inject malicious code into other running processes and remain operational even if the victims defences identify and remove the original script.

Deploying endpoint detection and response solutions alongside preventative anti-malware can help identify these threats.

Cryptominers

After virtually all cryptocurrency prices crashed in early 2018, cryptominer infections became far less prevalent and reached a low of 633 unique variant detections in 2019.

According to the researchers, attackers continued adding cryptominer modules to existing botnet infections and extract passive income from victims while abusing their networks for other cyber crime.

As a result, and with prices trending upward again in Q4 2020, the volume of cryptominer malware detections climbed more than 25% over 2019 levels to reach 850 unique variants last year.

Ransomware

For the second year in a row, the number of unique ransomware payloads trended downward in 2020, falling to 2,152 unique payloads from 4,131 in 2019 and the all-time-high of 5,489 in 2018.

These figures represent individual variants of ransomware that may have infected hundreds or thousands of endpoints worldwide.

The majority of these detections resulted from signatures originally implemented in 2017 to detect WannaCry and its related variants, showing that ransomworm tactics are still thriving over three years after WannaCry burst onto the scene.

The steady decline in ransomware volume indicates the attackers continued shift away from the unfocused, widespread campaigns of the past toward highly targeted attacks against healthcare organisations, manufacturing firms and other victims for which downtime is unacceptable, WatchGuard states.

Encrypted, evasive malware

Despite being the fourth consecutive quarter of decreasing malware volumes overall, nearly half (47%) of all attacks WatchGuard detected at the network perimeter in Q4 were encrypted.

Additionally, malware delivered via HTTPS connections increased by 41%, while encrypted zero day malware (variants that circumvent antivirus signatures) grew by 22% over Q3.

Botnet malware targeting IoT devices and routers

In Q4, the Linux.Generic virus (also known as The Moon) made its debut on WatchGuards list of top 10 malware detections.

This malware is part of a network of servers that directly targets IoT devices and consumer-grade network devices like routers to exploit any open vulnerabilities.

WatchGuard's investigation uncovered Linux-specific malware designed for ARM processors and another payload designed for MIPS processors within the attackers infrastructure, indicating a clear focus on evasive attacks against IoT devices.

Supply chain attacks

The sophisticated, allegedly state-sponsored SolarWinds supply chain breach will have wide implications throughout the security industry for years to come, WatchGuard states.

Its effects spread far beyond SolarWinds to almost 100 companies, including some major Fortune 500s, big security companies, and even the U.S. government.

WatchGuard's detailed incident breakdown showcases the importance of defending against supply chain attacks in todays interconnected digital ecosystem.

New trojan dupes

Trojan.Script.1026663 made its way onto WatchGuard's top five most-widespread malware detections list in Q4.

The attack begins with an email asking victims to review an order list attachment. The document triggers a series of payloads and malicious code that ultimately lead the victim machine to load the final attack: the Agent Tesla remote access trojan (RAT) and keylogger.

Network attacks

Total network attack detections grew by 5% in Q4, reaching their highest level in over two years, the report shows.

Additionally, total unique network attack signatures showed steady growth as well with a 4% increase over Q3.

This shows that even as the world continues to operate remotely, the corporate network perimeter is still very much in play as threat actors continue to target on-premises assets.

WatchGuard chief technology officer Corey Nachreiner says, The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections.

"The attacks are coming on all fronts, as cyber criminals increasingly leverage fileless malware, cryptominers, encrypted attacks and more, and target users both at remote locations as well as corporate assets behind the traditional network perimeter.

"Effective security today means prioritising endpoint detection and response, network defences and foundational precautions such as security awareness training and strict patch management.

See the original post here:
WatchGuard uncovers top cyber threat trends of Q4 2020 - SecurityBrief New Zealand

What if a big crack appeared overnight in the internet's security layer? What if the fracture reached deep into the mathematical foundations of the cryptographic algorithms? That appeared to happen in early March when a paper dropped with a tantalizing conclusion in the abstract: This destroys the RSA cryptosystem.

If the claim proves correct, a good part of the data thats encrypted at rest or in motion might not be safe. The first problem was that no one knew if the author was right. The second, even larger problem was no one was sure what the world should do if the claims were true.

At this writing, mathematicians are still deliberating the first question, but others are addressing the second question and starting to sketch out plans for what to do if a catastrophic weakness appears out of nowhere. Theyre pushing for a stronger foundation built out of multiple algorithms implemented with protocols that make switching simpler.

Some cryptographers are looking for RSA replacements because the algorithm is just one encryption algorithm that may be vulnerable to new machines that exploit quantum effects in electronics. The world must be more agile, they argue, because there are many potential cracks that could appear.

Read the rest here:
What's next for encryption if the RSA algorithm is broken? - CSO Online

By the CyberWire staff

Google's Threat Analysis Group (TAG) has published an update on a North Korean cyberespionage campaign targeting security researchers. TAG warned in January that a threat actor was messaging researchers on various social media platforms asking to collaborate on vulnerability research. They also set up a watering hole site that posed as a phony research blog, using an Internet Explorer zero-day.

Now, Google says the actor is using a new website and social media profiles posing as a fake company called "SecuriElite." TAG writes, "The attackers latest batch of social media profiles continue the trend of posing as fellow security researchers interested in exploitation and offensive security. On LinkedIn, we identified two accounts impersonating recruiters for antivirus and security companies. We have reported all identified social media profiles to the platforms to allow them to take appropriate action." Google also believes the attackers are using more zero-days.

The Associated Press reports that the suspected Russian hackers behind the SolarWinds attack gained access to the emails of former acting Department of Homeland Security Secretary Chad Wolf and other DHS officials. So far it doesn't appear that classified communications were compromised, but POLITICO says the number of emails stolen was in the thousands. A State Department spokesperson told POLITICO, "the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time."

5 Top ICS Cybersecurity Recommendations in the Year in Review

Find out about themajor ICS cyber threats, vulnerabilities and lessons learned from our field work in the just released Year in Review report. Youll discover 5 recommendations to secure your industrial environment and the 4 new threat activity groups were tracking.Read the executive summary.

Proofpoint reports that an Iran-linked threat actor, TA453 (also known as Charming Kitten or Phosphorous), is running a phishing campaign against "senior medical professionals who specialize in genetic, neurology, and oncology research in the United States and Israel." The operation, dubbed "BadBlood," used spearphishing emails with URLs that led to spoofed Microsoft 365 and OneDrive login pages.

The researchers state, "At this time, Proofpoint cannot conclusively determine the motivation of actors conducting these campaigns. As collaboration for medical research is often conducted informally over email, this campaign may demonstrate that a subset of TA453 operators have an intelligence requirement to collect specific medical information related to genetic, oncology, or neurology research. Alternatively, this campaign may demonstrate an interest in the patient information of the targeted medical personnel or an aim to use the recipients' accounts in further phishing campaigns."

Proofpoint also notes that the operation demonstrates a (possibly temporary) shift in targeting for Charming Kitten: "While TA453 has consistently demonstrated a desire to collect and exfiltrate the email mailbox contents belonging to typical intelligence targets of the Iranian government like the Iranian diaspora, policy analysts, and educators, this TA453 campaign demonstrated a desire to target medical researchers and providers. Further detection and analysis of TA453 campaigns will likely determine whether this targeting is an outlier or if targeting has evolved to support the medical sector becoming a consistent intelligence requirement and target for TA453."

TechCrunchreportsthat Indian mobile payments startup MobiKwik has apparently sustained a data breach that exposed the data of 99 million customers. Criminals on a dark web forum claim they've obtained 8.2 terabytes of MobiKwik user data, including hashed passwords, partial credit card numbers, and identification documents like government-issued Aadhaar card or PAN ID numbers belonging to 3.5 million users. The criminals are selling access to the database for $70,000.

MobiKwik, however, denies that the data are theirs or that a breach ever occurred. The firmtoldMoneyControl, "Some media-crazed so-called security researchers have repeatedly attempted to present concocted files wasting precious time of our organization as well as members of the media. We thoroughly investigated and did not find any security lapses." The Free Software Movement of India (FSMI) has filed a complaint with the Indian Computer Emergency Response Team urging them to investigate the alleged breach, the Hindu Businesslinereports. FSMI stated, "The data is available on the dark web. Mobikwik being a digital wallet, the breach would expose its customers to cyber security attacks."

Reuters reports that theReserve Bank of India (RBI) has ordered MobiKwik to investigate the allegations immediately. Reuters cites a source as saying that the RBI was "not happy" with MobiKwik's initial response to the claims.

For more, see the CyberWire ProPrivacy Briefing.

Kasperskydescribesa cyberespionage campaign that ran from March 2019 to the end of December 2020. The campaign targeted Japan and entities related to Japan, particularly the country's manufacturing industry. The researchers "assess with high confidence" that China's APT10 is behind the operation. The threat actor gained access by exploiting vulnerabilities in Pulse Connect Secure VPNs or by using previously stolen credentials.

Kaspersky says the actor used a unique loader dubbed "Ecipekac" to deliver fileless malware. The researchers explain, "This campaign introduced a very sophisticated multi-layer malware named Ecipekac and its payloads, which include different unique fileless malware such as P8RAT and SodaMaster. In our opinion, the most significant aspect of the Ecipekac malware is that, apart from the large number of layers, the encrypted shellcodes were being inserted into digitally signed DLLs without affecting the validity of the digital signature. When this technique is used, some security solutions cannot detect these implants. Judging from the main features of the P8RAT and SodaMaster backdoors, we believe that these modules are downloaders responsible for downloading further malware that, unfortunately, we have not been able to obtain so far in our investigation."

For more, see the CyberWire ProResearch Briefing.

You're already a reader of the CyberWire. Why not join our team?!

Want to be a part of a dynamic, fun-loving, hard working team? the CyberWire is the place for you! The CyberWire has an opening for a dynamic, goal-oriented sales person to join our sponsorship team.If that sounds like you, or someone you know, we would love to talk to you. Visit our Careers page to learn more or email us at careers@thecyberwire.com.

Several members of Germany's Bundestag have had their personal email accounts breached, CyberScoopsays. The BfV and BSI security services have briefed the federal legislative body and contacted affected members. German officials have provided few details, but Tageschaureportsthat the compromise was the work of Ghostwriter (a threat actor associated with Russian interests) and that spearphishing was the attack vector. It also suggests that Russia's GRU was responsible.

Der Spiegel iscallingit a Russian operation, and also specifically attributing it to the GRU, the Russian military intelligence agency. Seven members of the Bundestag were affected, as were thirty-one members of Land parliaments, that is, parliaments belonging to the Federal Republics constituent states, roughly the equivalent of US state legislatures. "Several dozen" other political figures were also affected. Most of the targets were members of the two largest German political parties, the center-right CDU/CSU and the center-left SPD.

Security firm FireEye's 2020accountof Ghostwriter described it as a disinformation peddler. "The operations have primarily targeted audiences in Lithuania, Latvia, and Poland with narratives critical of the North Atlantic Treaty Organizations (NATO) presence in Eastern Europe, the companys report said, occasionally leveraging other themes such as anti-U.S. and COVID-19-related narratives as part of this broader anti-NATO agenda." FireEye didnt go so far as to identify the group as a unit of the Russian government, but objectively, as people say, Ghostwriter acted in the Russian interest.

For more, see the CyberWire ProDisinformation Briefing.

Are you interested in space and communications?

If so, take a look at theCosmic AESSignals&Space. Aerospace meets outer space. This monthly briefing on cyber security as it relates to the space and SIGINT sectors covers technology, policy, market news and more. Our new issue comes out Thursday, April 1, 2021.

San Mateo, California-based financial crime prevention provider Feedzai has raised $200 million in a Series C round led byKKR, with participation from existing investorsSapphire VenturesandCiti Ventures. The funding round brings the company's valuation to more than $1 billion. The company stated, "[W]ere ecstatic at the 'future-proof' capabilities this new investment will bring our team, products, and cloud platform. This is how well birth advancements to our recently revealed, award-winning ethical AI innovation, Fairband, along with other customer-centric technologies that strive to ensure frictionless financial services."

Critical infrastructure cybersecurity company OPSWAT, based in Tampa, Florida, has received $125 Million in funding from Brighton Park Capital. The company says it "will use the new capital to accelerate its rapid growth, with a focus on additional global expansion of sales, marketing, customer success and business operations. The Company will also continue robust investment in R&D innovation and pursue strategic acquisitions."

Cloud backup and recovery company HYCU (with headquarters in Boston) has raised $87.5 million in a Series A round led by Bain Capital Ventures, with participation from Acrew Capital. The company says the funding "reinforces HYCU's leading market position and continued momentum, and will enable the company to hire more than 100 new employees in the Boston area to achieve rapid scale."

Palo Alto-based data integration platform provider Striim has secured $50 million in a Series C round led by Goldman Sachs Growth Equity, with participation from Summit Partners, Atlantic Bridge Ventures, Dell Ventures, and Bosch Ventures, Crunchbase News reports. Striim says the funding "will support the accelerating growth in Striim's global customer base and its data integration offerings delivered on-premises, in the cloud and as a managed service."

Israeli endpoint security provider Morphisec has raised $31 million in a funding round led by JVP, with participation from Orange and Deutsche Telekom Capital Partners. The company stated, "The investment will support an aggressive hiring push aimed at drastically increasing headcount across the U.S. and Israel. As Morphisec ramps up recruiting talent for every level of its organization, it is announcing today the appointment of Steve Bennett to its board of directors, effective immediately. Bennett formerly served as CEO of major software and security companies, including Symantec and Intuit."

San Francisco-based privacy management platform provider Ketch has emerged from stealth after raising $23 million in a Series A round led by CRV, super{set}, Ridge Ventures, Acrew Capital, and Silicon Valley Bank, TechCrunch reports.

For more, see the CyberWire ProBusiness Briefing.

CyberWire Pro Interview Selects

CyberWire Pro subscribers have access to our Interview Selects podcast, a curation of our most engaging and informative interviews, featuring cyber security professionals, journalists, authors and industry insiders. Subscribe to CyberWire Pro to unlock access to this and much more exclusive content. Learn more and subscribe.

OpenSSL has received patches for two high-severity vulnerabilities, Naked Security reports. CVE-2021-3449 can lead to a crash or denial of service, while CVE-2021-3450can make a client accept a phony TLS certificate. The latter is the more serious of the two flaws; the vulnerability's description states, "Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a 'purpose' has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application."

The Record reports that a 22-year-old Kansas man, Wyatt Travnichek, has been charged by the US Justice Department with "one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access." The Justice Department stated, "The indictment alleges that on or about March 27, 2019, in the District of Kansas, Travnichek knowingly accessed the Ellsworth County Rural Water Districts protected computer system without authorization. During this unauthorized access, it is alleged Travnichek performed activities that shut down the processes at the facility which affect the facilities cleaning and disinfecting procedures with the intention of harming the Ellsworth Rural Water District No. 1, also known as Post Rock Rural Water District." CyberScoop says the incident did not affect customers' drinking water. It's worth noting that this incident is separate from a similar attack that recently affected a water facility in Oldsmar, Florida.

An Israeli citizen, Tal Prihar, has pleaded guilty in the US for his role in operating DeepDotWeb, a website that served as a portal to various criminal marketplaces. Nicholas L. McQuaid, Acting Assistant Attorney General of the Justice Department's Criminal Division, stated, "Tal Prihar served as a broker for illegal Darknet marketplaces helping such marketplaces find customers for fentanyl, firearms, and other dangerous contraband and profited from the illegal business that ensued. This prosecution, seizure of the broker website, and forfeiture send a clear message that we are not only prosecuting the administrators of Darknet marketplaces offering illegal goods and services, but we will also bring to justice those that aim to facilitate and profit from them." Prihar has pleaded guilty to conspiracy to commit money laundering, and will be sentenced on August 2nd.

Florida-based healthcare provider SalusCare has sued Amazon Web Services, alleging that AWS buckets are being used by a hacker to host stolen patient and employee data, HealthITSecurity reports. SalusCare states that the stolen data include Social Security numbers, financial information (including credit card numbers), as well as "extremely personal and sensitive records of patients psychiatric and addiction counseling and treatment." Amazon has suspended the accounts that own the AWS buckets, but SalusCare is seeking for the suspension to be permanent and for the data to be erased.

The lawsuit states, "SalusCare has established that the threatened harm substantially outweighs any potential harm to Amazon or [the hacker] because SalusCare is likely to suffer irreparable harm, while the [individual] would suffer, at worst, a temporary loss of access to the information while it makes its case....Amazon would suffer no conceivable harm in a temporary freeze of the buckets. A temporary restraining order would simply allow the parties to maintain the status quo, thereby ensuring [the hacker] will not have an opportunity to access or use the subject information while it hypothetically pursued its legal rights."

Reuters reports thatthe Biden Administration could issue an Executive Order (EO) this week that would enhance Government agencies' multi-factor authentication and encryption standards and impose new requirements on Government software vendors. The proposed EO would compel vendors to alert Government clients of data breaches, supply a "bill of materials" to those running "critical" functions, and collaborate with Government agencies on incident response.

US Secretary of Homeland Security Alejandro Mayorkas has announced a series of sixty-day security sprints, the Recordreports. The announcement was made in conjunction with the Secretary's enunciation of a cybersecurity strategy that places a high priority on protecting critical infrastructure and defending against ransomware.

And SecurityWeekreportsthat President Biden has followed President Trump's lead in extending President Obama's 2015 Executive Order allowing property sanctions in response to cyberattacks.In announcing the decision, the Administration noted that foreign-sponsored attacks continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.

EU Commissioner for Justice DidierReynders and US Commerce Secretary GinaRaimondo have issued a jointstatementcommitting to "intensify negotiations on an enhanced EU-U.S. Privacy Shield framework to comply with the July 16, 2020 judgment of the Court of Justice of the European Union in the Schrems II case."

For more, see the CyberWire ProPolicy Briefing.

See the rest here:
North Korea continues targeting security researchers. Holiday Bear gained access to DHS emails. Charming Kitten is phishing for medical professionals....