DMARC blocks spam and phishing emails sent from spoofed domains, and it's vastly underutilized, a new report says.

Just 1.2% of a group of nearly 10 million verified .org domains analyzed have adopted Domain-based Message Authentication, Reporting, and Conformance (DMARC) security standards, which automatically flag and report emails suspected to be sent from an impersonated domain.

New analysis from EasyDMARC added that even while the DMARC email security standard adoption rate swelled among the top-100 US nonprofit organizations to 20%, of the overall number of domains using DMARC, 45.6% were misconfigured.

“Impersonating email domains is one of the main tools used in successful phishing, spoofing, and ransomware attacks," Gerasim Hovhannisyan, EasyDMARC CEO and co-founder said about the findings. "That's why it's so worrying to see our research indicate that only 1.2% of global nonprofits have implemented domain authentication via DMARC, which remains the best way to curb this threat."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Just 1% of Nonprofit Domains Have Basic DMARC Email Security Protections

In the triumvirate of identity types, protecting the identity, privacy, and data of carbon-based forms — humans — is key. Safeguards must be in place as AI becomes more interactive.

ChatGPT and Bard AI are making the news for all kinds of reasons. People are charmed and unnerved by the quirky responses and how seemingly sentient these chatbots are.

But artificial intelligence (AI) has existed for years, and the issues today aren't just related to a greater capacity for writing term papers and malware. These new tools simply add to an already complex ecosystem of identities, which may be carbon-based, silicon-based, or now, increasingly complex artificial identities created by AI.

**Identity Trifecta**

First, let's define these different identity types:

**Carbon-based identity:** This one is easy. It's humans. We have names, we have personally identifiable information, mannerisms, and so much more. And we live, breathe, and interact with carbon, silicon, and artificial identities every day.

**Silicon-based identity:** A silicon-based identity is something that we all interact with but rarely or never think about as an entity: our cars, smartphones, and millions of other items that rarely exist or interact on their own.

**Artificial-based identity:** If you've ever read a novel, you've met a whole cast of artificial identities. Each character is a fictional creation with a backstory, internal motivations, and seemingly interactive relationships. The new chatbots can create detailed identities in moments.

**Why Does Identity Matter?**

A silicon-based identity integrates with you and your identity. Take your smartphone, for example. You set it up and customize it so that you can log in with your fingerprint or your face. You use it to set up online banking accounts, social media profiles, and much more. Essentially, you create a link between your carbon identity and your silicon identity, which allows you to interact with your bank and other peer-to-peer connections. When you sell or give away the phone, you know you need to wipe all that data, otherwise the next user could use connections that you authenticated to access your financial, work, and other personal accounts. Even after removing the data, the phone still exists as a silicon identity, and it will integrate with the next carbon entity that sets it up.

Artificial entities are increasingly easy to create, however. AI can generate faces that people find trustworthy and have difficulty distinguishing from real ones. Combined with chatbots, some of these entities have LinkedIn profiles and can easily — and convincingly — reach out to prospective customers without adding to an organization's staffing costs or training requirements. Other chatbots may be answering your banking questions, responding to fraud alerts, or authorizing transactions. They may help you book a flight, facilitate a product return, or respond to insurance queries.

**Who — or What — Are You Talking To?**

How to know which type of entity you're talking to is a question that's only going to become more challenging in the coming months and years. Today, most chatbots can answer simple questions with canned responses. Most users probably find them frustratingly inadequate and try to interact with a carbon entity instead. But it's getting harder to tell them apart. As these solutions become more available, flexible, and interactive, you need to consider who you want to share protected information with.

It may seem safe to share your banking information with an artificial identity, forgetting that if you share your checking account info and authorize them to take money out, you have very little control over when and how that happens. There are some financial regulations in place to help consumers, but they only help after something goes wrong. When your credit or debit card is compromised, you can dispute fraudulent transactions, prevent future charges, and get a new card. That can limit the potential fallout.

Health information is far more complicated. If you share information with an artificial identity about your carbon entity, such as that you have diabetes and high blood pressure, that information goes somewhere you can no longer control. If this private health information is disclosed, either because the artificial entity you shared it with was created for malicious purposes or because the data collected wasn't properly secured and encrypted, that part of your identity is now compromised and you cannot make that information private again.

**Protect Data, Privacy, and Identity**

As the different types of identities become increasingly intertwined and complicated, it's important for organizations to make it clear when an identity interfacing directly with people is artificial, why they're using it, and how.

They also need to protect the identity, privacy, and data of the carbon identities, regardless of how it is collected. That means how this information is collected, transmitted, and encrypted is important.

As we move forward, we must make certain that we protect data, privacy, and identity by challenging and validating access for all these different types of identities. Although artificial identities are becoming interactive and seemingly human, the responsibility to protect carbon identities is paramount.

Are You Talking to a Carbon, Silicon, or Artificial Identity?

Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities in Internet of Things and embedded systems.

New cybersecurity startup Op\[4\] launched today with a platform designed to fix vulnerabilities in Internet of Things (IoT) and embedded devices.

The platform, based on technology originally developed for DARPA, “continuously and accurately” detects, isolates, validates, classifies, prioritizes and remediates n-day and zero-day vulnerabilities, the company said in a statement. N-day refers to vulnerabilities in software and systems that are not going to be fixed.

One of the challenges with securing IoT and embedded devices is isolating exploitable firmware flaws. Op\[4\]'s platform addresses this by simulating a running device in order to identify active and inactive code, according to a company spokesperson. This way, the risk is assessed at the binary code level.

Op\[4\] plans to align the platform with the White House's national cybersecurity IoT labeling initiative launching later this year. The company is also preparing industry-specific versions for consumer IoT, aerospace and defense, and telecommunications markets.

The company launched with over $2 million in initial seed funding secured through a combination of product sales and private investment.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

IoT Startup OP[4] Launches With Firmware Security Platform

**NEW YORK** **,** **March 22, 2023** **/PRNewswire/ --** Lightspin, the leading cloud security solution for SaaS companies, today launched the Remediation Hub as part of its cloud-native application protection platform (CNAPP) solution. An evolution of Lightspin's root cause analysis feature, the Remediation Hub provides users the ability to dynamically remediate the most critical cloud environment risks, at scale. As a result, organizations can quickly identify and fix the security threats that matter most. 

"Our Remediation Hub was born out of the overwhelming positive customer response to our root cause analysis feature," said Vladi Sandler, co-founder and CEO for Lightspin. "The Remediation Hub expands on our industry-leading capabilities and helps maximize remediation depth and breadth for overlapping critical issues discovered, thus improving efficiency and reducing the time spent on one-off fixes. By providing the much-needed context, the Remediation Hub allows users to reduce the most risk with minimum actions."

Lightspin analyzes the root cause of all risks detected in the cloud environment including vulnerabilities, misconfigurations, identity risks and prioritizes remediation steps based upon a quantified risk score produced by Lightspin's proprietary algorithm. It then generates the proposed remediation to the root cause – Lightspin is the only CNAPP solution to offer remediation with dynamic guardrails for DevOps. Security teams can quickly and easily see how much a remediation action will improve the security score of their cloud environment. 

In a real-world example, a cloud environment has a root cause risk source of an unpatched image. The image has 100 vulnerabilities and there are five EC2 instances using the image. Most tools will flag 500 vulnerabilities to fix. With Lightspin's root cause analysis, the security team can see that there is only one necessary action: fix the image. 

Other cloud security tools push automated corrective remediation in users' public clouds, but this approach can actually add risk and cause more issues if not implemented carefully. Lightspin's Remediation Hub instead offers recommended remediation with the flexibility for teams to select to apply these fixes to their environments or to modify them to suit their unique organizational requirements.

The Remediation Hub also enables ticketing management via platforms such as Jira and ServiceNow, giving security teams capability to assign owners and track results right in the platform dashboard without navigating to another tool. By centralizing the Lightspin recommended actions and remediations discovered, security teams can simplify and streamline workflows to easily address and understand the root cause of vulnerabilities in their cloud environment. 

**Follow Lightspin**  
LinkedIn: https://www.linkedin.com/company/lightspin/  
Twitter: @lightspintech  
Blog: https://blog.lightspin.io/

**About Lightspin**

Lightspin is the #1 cloud security solution for SaaS companies of all sizes. Agentless and easy to deploy, Lightspin's Cloud Native Application Protection Platform (CNAPP) efficiently prioritizes and remediates cloud security risks in minutes using the industry's only Attack Path Engine built on the graph. Supporting Amazon Web Services, Google Public Cloud, Microsoft Azure and Kubernetes, Lightspin simplifies cloud security and compliance via its self-serve offering and graph-based algorithms. Based in New York and Tel Aviv, Lightspin is backed by Dell Technologies Capital, IBM, and Ibex Investors. Leading SaaS companies such as Imperva, ITV, Kaltura, PageUp and Riskified trust Lightspin to protect their data and workloads in the cloud. Learn more at www.lightspin.io.

Lightspin Launches Remediation Hub to Identify and Fix Cloud Security Threats

The advisory comes the same week as a warning from the EU's ENISA about potential for ransomware attacks on OT systems in the transportation sector.

The US Cybersecurity and Infrastructure Security Agency (CISA) this week issued advisories for a total of 49 vulnerabilities in eight industrial control systems (ICS) used by organizations in multiple critical infrastructure sectors — some unpatched.

The need for organizations in critical infrastructure sectors to consider cybersecurity is growing. ICS and operational technology (OT) environments are no longer air-gapped, segmented as they once used to be, and are increasingly accessible over the Internet. The result is that both ICS and OT networks have become increasingly popular targets for both nation-state actors and financially motivated threat groups.

That's unfortunate given that many of the vulnerabilities in CISA's advisory are remotely exploitable, involve low attack complexity, and allow attackers to take control of affected systems, manipulate and modify settings, escalate privileges, bypass security controls, steal data, and crash systems. The high-severity vulnerabilities are present in products from Siemens, Rockwell Automation, Hitachi, Delta Electronics, Keysight, and VISAM.

The CISA advisory coincided with a report from the European Union on threats to the transportation sector that also warned about the potential for ransomware attacks on OT systems used by aviation, maritime, railway, and road transport agencies. At least some of the vulnerable systems in CISA's advisory pertain to organizations in the transportation sector as well.

**Low-Complexity, High-Impact Vulnerabilities**

Seven of the 49 vulnerabilities in CISA's advisory are in Siemens' RUGGEDCOM APE1808 technology and currently have no fix. The vulnerabilities allow an attacker to elevate privileges on a compromised system, or to crash it. Organizations in multiple critical infrastructure sectors around the globe currently use the product to host commercial applications.

Seventeen other flaws are present in various third-party components that are integrated into Siemens' Scalance W-700 devices. Organizations in multiple critical infrastructure sectors use the product including those in chemical, energy, food, and agriculture and manufacturing. Siemens has urged organizations using the product to update its software to v2.0 or later and to implement controls for protecting network access to the devices.

Thirteen of the newly disclosed vulnerabilities affect Delta Electronic' InfraSuite Device Master, a technology that organizations in the energy sector use to monitor the health of critical systems. Attackers can exploit the vulnerabilities to trigger denial-of-service conditions or to steal sensitive data that could be of use in a future attack.

Other vendors in CISA's advisory, with multiple vulnerabilities in their products are Visam, whose Vbase Automation technology accounted for seven flaws and Rockwell Automaton with three flaws in its ThinManager product used in the critical manufacturing sector. Keysight had one vulnerability in its Keysight N6845A Geolocation Server for communications and government organizations and Hitachi updated information on a previously known vulnerability in its Energy GMS600, PWC600, and Relion products.

This is the second time in recent weeks where CISA has warned organizations in critical infrastructure sectors about serious vulnerabilities in systems they use in industrial and operational technology environments. In January, the agency issued a similar alert on vulnerabilities in products from 12 ICS vendors, including Siemens, Hitachi, Johnson Controls, Panasonic, and Sewio. As with the current set of flaws, many of the vulnerabilities in the previous advisory also allowed threat actors to take over systems, escalate privileges and create other havoc in ICS and OT settings.

**OT Systems in the Crosshairs**

Meanwhile, a report this week from the European Union Agency for Cybersecurity (ENISA) on cyberthreats to the transportation sector warned of potential ransomware attacks against OT systems, based on an analysis of 98 publicly reported incidents in the EU transportation sector between January 2021 and October 2022. 

The analysis showed that financially motivated cybercriminals were responsible for some 47% of the attacks. A plurality of these attacks (38%) was ransomware related. Other common motivations included operational disruptions, espionage, and ideological attacks by hacktivist groups.

Though OT systems were sometimes collaterally damaged in these attacks, ENISA's researchers found no evidence of directed attacks on them in the 98 incidents it analyzed. "The only cases were OT systems and networks were affected were either when entire networks were affected or when safety-critical IT systems were unavailable," the ENISA report said. However, the agency expects that to change. "Ransomware groups will likely target and disrupt OT operations in the foreseeable future."

The European cybersecurity agency's report pointed to an earlier ENISA analysis that warned of ransomware actors and other new threat groups tracked as Kostovite, Petrovite, and Erythrite targeting ICS and OT systems and networks. The report also highlighted the continued evolution of ICS specific malware such as Industroyer, BlackEnergy, CrashOverride, and InController as signs of growing attacker interest in ICS environments.

"In general, adversaries are willing to dedicate time and resources in compromising their targets to harvest information on the OT networks for future purposes," the ENISA report said. "Currently, most adversaries in this space prioritize pre-positioning and information gathering over disruption as strategic objectives."

CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure

**SAN JOSE, Calif.****,** **March 22, 2023** **/PRNewswire/ --** Vectra AI, the leader in AI-driven hybrid cloud threat detection and response, today announced the introduction of Vectra Match. Vectra Match brings intrusion detection signature context to Vectra Network Detection and Response (NDR), enabling security teams to accelerate their evolution to AI-driven threat detection and response without sacrificing investments already made in signatures.

"As enterprises transform embracing digital identities, supply chains and ecosystems — GRC and SOC teams are forced to keep pace. Keeping pace with existing, evolving and emerging cyber threats requires visibility, context and control for both known and unknown threats. The challenge for many security organizations is doing so without adding complexity and cost," says Kevin Kennedy, SVP Products at Vectra. "Vectra NDR now enables security teams to unify signatures for known threats and AI-driven behavior-based detection for unknown threats in a single solution."

With the addition of Vectra Match, Vectra NDR addresses core GRC and SOC use cases enabling more efficient and effective:

*   Correlation and validation of threat signals for accuracy.
*   Compliance for network-based CVE detection with compensating controls.
*   Threat hunting, investigation and incident response processes.

According to Gartner®, "recent trends in the NDR Market indicate many NDR offerings have expanded to capture new categories of events and to analyze additional traffic patterns. This includes **new detection techniques:** by adding support for more traditional signatures, performance monitoring, threat intelligence and sometimes malware detection engines. This move toward more multifunction network detection aligns well with the use case of network/security operations convergence, but also with midsize enterprises."1

"The attack surface cyber attackers have at their disposal continues to grow exponentially creating unknown threats on top of the tens of thousands of known vulnerabilities that exist. Attackers simply have exponentially more ways to infiltrate an organization and exfiltrate data — and do so with far more frequency, velocity and impact. Keeping pace with attackers exploiting known vulnerabilities and unknown threats is an immense challenge for every Security, Risk and Compliance officer," says Ronald Heil, Global Risk Advisory Lead for Energy and Natural Resources and Partner at KPMG Netherlands. "Today, cyber-resilience and compliance requires complete visibility and context for both known and unknown attacker methods. Without it, disrupting and containing their impact becomes an exercise in brand reputation and customer trust damage control. Vectra Match capabilities allow us to combine both worlds, having the continued AI-based detection of real-time "movement", while also having the ability to check against specific Suricata indicators — often required during incident response or proof of compliancy (e.g., Log4J). Consolidating AI-based and signature-based detection enables optimization, because in our case, less is more."

"When it comes to shadow IT, we know people with admin rights are 'building boxes off the grid.' Our SOC team cannot protect what we cannot see, thus making these unknown systems prime targets for attackers. No doubt, behavior-based AI-driven detections are great for catching attackers deploying new, evasive methods, but when it comes to attackers leveraging CVEs to compromise unknown, unpatched systems, we need signature-based detection. Combining signature-based detection with behavior-based detection gives our SOC team visibility for both the known-unknown and unknown-unknown threats. It's the best of both worlds," says Brett Fernicola, Sr. Director, Security Operations at Anywhere.re.

**Vectra NDR with Vectra Match**

Vectra NDR — a key component of the Vectra platform — provides end-to-end protection against hybrid and multicloud attacks. Deployed on-premises or in the cloud, the Vectra NDR console is a single source of truth (visibility) and first line of defense (control) for attacks traversing cloud and data center networks. By harnessing AI-driven Attack Signal Intelligence, Vectra NDR empowers GRC and SOC teams with:

*   AI-driven Detections that think like an attacker by going beyond signatures and anomalies to understand attacker behavior and zero in on attacker TTPs across the entire cyber kill chain post compromise, with 90% fewer blind spots and 3x more threats proactively identified.
*   AI-driven Triage that knows what is malicious by utilizing ML to analyze detection patterns unique to the customer's environment to score how meaningful each detection is, thus reducing 85% of alert noise — surfacing only relevant true positive events that require analyst attention.
*   AI-driven Prioritization that focuses on what is urgent by automatically correlating attacker TTPs across attack surfaces, evaluating each entity against globally observed attack profiles to create an attack urgency rating enabling analysts to focus on the most critical threats to the organization.

Vectra NDR empowers security and risk professionals with next-level intrusion detection. Armed with rich context on both known and unknown threats, GRC and SOC teams not only improve the effectiveness of their threat detection, but the efficiency on their threat hunting, investigation and incident response program and processes. Vectra NDR with Vectra Match is available for evaluation and purchase today. For additional information, please visit the following resources.

**Blog:** Vectra AI Announces Vectra Match for Signature-Based Detections

**Solution Brief:** Stop Network Exploits with Vectra NDR and Vectra Match 

**Product page:** Vectra NDR

**About Vectra**

Vectra® is the leader in Security AI-driven hybrid cloud threat detection and response. Only Vectra optimizes AI to detect attacker methods — the TTPs at the heart of all attacks — rather than simplistically alerting on "different." The resulting high-fidelity threat signal and clear context enables cybersecurity teams to rapidly respond to threats and stop attacks from becoming breaches. The Vectra platform and services cover public cloud, SaaS applications, identity systems and network infrastructure — both on-premises and cloud-based. Organizations worldwide rely on the Vectra platform and services for resilience to ransomware, supply chain compromise, identity takeovers, and other cyberattacks impacting their organization. For more information, visit vectra.ai. 

1Gartner Market Guide for Network Detection and Response, Published 14 December 2022 \- ID G00730869 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

SOURCE Vectra

Vectra Unifies AI-Driven Behavior-Based Detection and Signature-Based Detection

**HERZLIYA,** **Israel** **and** **PALO ALTO, Calif.****,** **March 22, 2023** **/PRNewswire/ --** XM Cyber, the leader in hybrid cloud security, announced today the acquisition of Confluera, a pioneer in next-generation cyber attack detection and response for the cloud. XM Cyber now offers a comprehensive CNAPP (Cloud Native Application Protection Platform) solution using its unique attack path modeling to prioritize and assess real risk to the critical assets in your cloud environment.

Together with Confluera, XM Cyber's Continuous Exposure Management platform will provide all aspects of cloud security, from identifying and fixing risk regarding cloud identities (CIEM), identifying vulnerabilities and the detection and response of actual cyber attacks in real time (CWPP), and best practice and compliance management (CSPM).

The rapid rise in sophisticated attacks across hybrid cloud environments requires organizations to equip themselves with a dual strategy that combines advanced preventative capabilities with active detection and response. Classic EDRs that were originally meant for endpoint protection aren't equipped to deal with the runtime protection of cloud infrastructures. Detection in the cloud requires the next-generation capabilities of CxDR (Cloud eXtended Detection and Response), which leverages visibility from different vantage points and accurately combines them to identify multi-stage attacks propagating across distributed cloud environments.

The XM Cyber solution enables organizations to see their on-prem and cloud environments just like an attacker would and identify weaknesses that can potentially be exploited on attack paths to critical assets. With the addition of Confluera, organizations will now have the ability to continuously monitor their cloud environments in real-time to see if they are actually being exploited and effectively block the attacker's progress before any damage is caused.

"We work so well together because we're both looking at the environment through attack path modeling," said Boaz Gorodissky, co-founder and CTO of XM Cyber. "For example, XM Cyber shows our customers how an attacker could take advantage of a cloud secret found in the on-prem environment, move into the cloud, escalate privileges of an EC2, and compromise S3 buckets with sensitive information through a chain of events. Now with Confluera, we will detect if this attack path is actually happening in real time, alert our customers and help them stop the attack before it reaches the S3 buckets."

Confluera co-founder and CTO Abhijit Ghosh, who will be leading the development and integration of the CxDR with XM Cyber as VP CxDR, added: "We are very excited to join forces with XM Cyber to deliver a comprehensive cloud security platform. The technologies complement one another. They cover the prevention and detection aspects of security, with a common attack path modeling-based approach of unifying diverse visibility to identify multi-stage attacks. We are thrilled about leveraging this synergy to address our shared mission of protecting hybrid cloud environments from advanced attacks." Confluera co-founder Niloy Mukherjee further added that "the offensive cybersecurity knowledge of XM Cyber's research team will greatly enrich Confluera's engine to discover and intercept any form of security threat possible across any cloud plane."

The acquisition of Confluera comes less than a year after XM Cyber acquired Cyber Observer to expand its CSPM capabilities.

"Integrating Confluera into our offering just made so much sense. We compared their detection capabilities on workloads with a prominent CWPP solution and were able to detect several attacks that the other CWPP solutions did not. And perhaps just as significantly, it did not create unnecessary noise for the security teams," said Noam Erez, co-founder and CEO of XM Cyber. "Today, security teams are overwhelmed with an overwhelming amount of alerts and multiple security tools that they can't keep track of. They are demanding the consolidation of solutions that can accurately and holistically analyze risk and pinpoint high priority exposures to be remediated efficiently. Confluera aligns perfectly with this core value that we deliver within our suite of services and is a natural fit for us."

The new real-time detection and response capabilities will be available to XM Cyber customers soon. To learn more, please visit: confluera.com. XM Cyber will be attending RSA 2023 and providing demos at their booth #1755 in the South Hall Expo. 

**About XM Cyber** 

XM Cyber is a leading hybrid cloud security company that's changing the way organizations approach cyber risk. XM Cyber transforms exposure management by demonstrating how attackers leverage and combine misconfigurations, vulnerabilities, identity exposures, and more, across AWS, Azure, GCP, and on-prem environments to compromise critical assets. With XM Cyber, you can see all the ways attackers might advance, and all the best ways to stop them, pinpointing where to remediate exposures with a fraction of the effort. Founded by top executives from the Israeli cyber intelligence community, XM Cyber has offices in North America, Europe, and Israel.

**About Confluera**

Confluera is the leading provider of next-generation Cloud eXtended Detection and Response (CxDR) solutions. Founded by Abhijit Ghosh and Niloy Mukherjee, Confluera's patented real-time attack storyboarding, built for hybrid cloud environments, gives organizations full visibility into active attack progressions and helps to drastically reduce the industry average time to detect and respond to advanced attacks. To learn more about Confluera's award-winning solution, visit confluera.com.

XM Cyber Announces Acquisition of Confluera, Adding Run-Time Protection on Cloud Workloads

A new Tech Insight report examines how the enterprise attack surface is expanding and how organizations must deal with vulnerabilities in emerging technologies.

Keeping applications and networks secure can seem like a Sisyphean task. No matter how much time and resources security and IT teams devote to vulnerability assessment, patching, and other mitigations to reduce cyber-risk, they are not enough. In fact, vulnerability management can feel like a series of never-ending tasks.

There is no shortage of vulnerabilities under attack by criminals. Last year saw major vulnerabilities, such as Log4Shell, Ruby on Rails (Follina), and Spring4Shell, plus flaws in Google Chrome, F5 BIG-IP, Microsoft Office, and Atlassian Confluence, to name a few.

The Cybersecurity Infrastructure Agency's Known Exploited Vulnerabilities catalog currently lists vulnerabilities in widely used enterprise applications, such as Oracle eBusiness suite, SugarCRM, Zoho, Control Web Panel, and Microsoft Exchange Server.

And common, yet dangerous vulnerabilities persistently make their way into Web applications, such as broken access control, cryptographic failures, security misconfigurations, and vulnerable and outdated components.

However, enterprise security teams can’t consider their jobs done just by mitigating these types of vulnerabilities. As they adopt new technologies, enterprises need to expand their vulnerability and attack surface management programs accordingly.

A new Dark Reading Tech Insight report examines key areas for enterprise security teams to pay attention to: firmware, 5G networks, edge computing, operational technology and IT convergence, cloud vulnerabilities and misconfigurations, vulnerabilities in open source software, and vulnerabilities in continuous software development pipelines. The report details these types of vulnerabilities and how to mitigate them.

10 Vulnerability Types to Focus On This Year

**WOBURN, Mass.****,** **March 22, 2023** **/PRNewswire/ --** Kaspersky has released new survey results showing that one third of crypto owners in the U.S. have experienced theft of their currency or other assets, at an average cost of $97,583. This, and other findings, are part of a new report, "Crypto Threats 2023," based on a survey of 2,000 American adults in October 2022.

Crypto trading has skyrocketed in popularity in recent years. Twenty-four percent of respondents to the survey said they currently own cryptocurrency or other crypto assets. However, scammers are continuously seeking new ways to capitalize on that popularity and defraud users, with tactics such as impersonating legitimate exchanges or launching phishing attacks to steal login credentials. They also use cryptojacking malware to generate currency by stealing computing resources from unknowing victims.

A third of respondents who said they own or have owned cryptocurrency or other crypto assets said they have fallen victim to a fraudulent crypto\-related website, app or investment scam at some point. Among those victims, 19% said they experienced identity theft as a result, while 27% had payment details stolen and money taken from their bank account.

"From fake apps to cryptojacking, there is a long list of threats lurking online to target cryptocurrencies," said Marc Rivero, senior security researcher at Kaspersky's Global Research and Analysis Team. "Without any regulation or established common knowledge, people need to take care to protect themselves. This survey data shows a lot of people are getting their crypto stolen and even experiencing identity theft. Users should keep a close eye out for scams, and should employ any extra security measures that are available to them, such as multi-factor authentication."

The survey revealed that there is often more users could be doing to protect their crypto assets. On average, respondents said the last time they checked on their crypto investments was six weeks ago. Twenty-seven percent of users said they keep their crypto stored in an exchange account with no added protection, while only 34% use multi-factor authentication to protect their account. Only 15% of users said they use a "cold wallet," storing their crypto in external storage not connected to the internet. Thirty-two percent of respondents who own or have owned cryptocurrency or other crypto assets said they have lost access to a crypto\-related account at some point.

The survey also yielded some interested findings with respect to age differences among crypto traders. Thirty-six percent of respondents aged 25-44 said they currently own cryptocurrency or crypto assets, compared to just 10% of respondents aged 55 and up. Older respondents who do own crypto, however, appeared to be doing a much better job at protecting their assets. Just 8% of crypto owners aged 55+ said they have had cryptocurrency or a crypto asset stolen, and only 14% in that age group said they have fallen victim to a fraudulent crypto\-related app, website or investment scam. Meanwhile, nearly half (47%) of crypto owners aged 18-24 said they had been victimized by theft, with 46% saying they've fallen victim to a scam.

The full report is available here.

In order to avoid falling victim to cryptocurrency\-related scams, Kaspersky recommends:

*   Use strong and unique passwords for each of your crypto accounts. This will help prevent password cracking and brute force attacks.
*   Avoid phishing attacks: Be wary of suspicious emails and links, and always double-check the URL before entering your login information.
*   Don't share your private keys: your private keys unlock your cryptocurrency wallet. Keep them private and never share them with anyone.
*   Use security solutions: a reliable security solution will protect your devices from various types of threats. Kaspersky's consumer portfolio prevents cryptocurrency fraud, as well as unauthorized use of your computer's processing power to mine cryptocurrency.

**About Kaspersky**

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments, and consumers around the globe. The company's comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies, and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

SOURCE Kaspersky

Kaspersky Survey Finds One in Three Users Have Experienced CryptoTheft

With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.

In an attempt to fraudulently obtain more than $36 million, a threat actor emailed an escrow officer and their client, a commercial real estate company, while impersonating the senior vice president and general counsel of a trusted partner company. The business email compromise (BEC) attack was caught due to a flaw in a domain name, behavioral AI, and an advanced modeling system.

Included in the email was an invoice and instructions for payment for a loan worth $36.4 million. While this may be a number that might ring alarm bells for anyone else, commercial real estate involves the use of large-sum loans, according to an analysis from Abnormal Security, so there was no initial concern. A false company letterhead was used to legitimize the scam, and the cyberattackers added another reputable real estate investment company to the email chain to make it even more convincing. 

The escrow officer may have fallen for it, but the BEC attempt was caught due to artificial intelligence (AI) technology spotting signs of fraud, such as discrepancies in the wiring instructions, newly registered email domains, and irregular language patterns in the email. In addition to this, there was a minor change in the sender domain from ".com" to ".cam."

Though this attempt was caught, BEC attacks are becoming more popular — increasing by 84% in the first half of 2022 alone. They are continuing to prove to be successful against organizations, particularly those without multifactor authentication or security awareness training.

AI might be increasingly necessary to catch ever-more-savvy BEC attacks. "As attackers shift from executive impersonation to vendor fraud and increase their payment requests, the need for security leaders to keep their organizations safe increases," according to Abnormal Security. "Because modern supply chain attacks use seemingly genuine messages, traditional tools which look for indicators like malicious attachments are becoming less effective."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading