A CISA advisory warns that the Daixin Team ransomware group has put the US healthcare system in its crosshairs for data extortion, and provides tools to fight back.

Daixin Team has actively targeted the US Healthcare and Public Health (HPH) sector since last June, according to a joint advisory issued by the FBI, Cybersecurity and Infrastructure Agency (CISA), and the Department of Health and Human Services (HHS), which provides indicators of compromise (IoCs) and tactics techniques and procedures (TTPs). 

Third-party investigations revealed that the Daixin Team ransomware is based on Babuk Locker source code, targets VMware EXSi servers and encrypts files, the advisory said. 

Officials believe the Daixin Team uses phishing campaigns to steal VPN credentials, and exploits.

"Daixin actors gain initial access to victims through virtual private network (VPN) servers. In one confirmed compromise, the actors likely exploited an unpatched vulnerability in the organization’s VPN server," the advisory explained. "In another confirmed compromise, the actors used previously compromised credentials to access a legacy VPN server that did not have multifactor authentication (MFA) enabled." 

The FBI reported that as of October, the HPH sector makes up a full 25% of ransomware complaints filed to its Internet Crime Complaint Center, and accounted for the most overall ransomware reports during 2021. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Ransomware Barrage Aimed at US Healthcare Sector, Feds Warn

Affiliation adds new all-source and counterintelligence, cyber, software development, and identity intelligence capabilities to SilverEdge's growing suite of technology solutions focused on the US intelligence community.

**RESTON, Va., Oct. 24, 2022, (****BUSINESS WIRE****)** — SilverEdge Government Solutions (“SilverEdge”) today announced it has partnered with Counter Threat Solutions, LLC (“CTS”), a leading provider of all source and counterintelligence analysis, identity intelligence, and enterprise IT and data management solutions, which include sophisticated software development and engineering and niche ServiceNow capabilities. The partnership furthers SilverEdge’s objective of serving as the cyber, software, intelligence, and technology solutions provider of choice for the U.S. Intelligence Community (“IC”).

“We are excited to welcome the CTS team to the SilverEdge family,” said Robert Miller, CEO of SilverEdge. “By combining CTS’ capabilities with SilverEdge’s existing cybersecurity, software, and intelligence solutions, we are increasing our cleared workforce to approximately 450 engineers and technical staff whose primary focus is to provide our intelligence customers with the tools required to support critical mission needs."

Founded in 2015 and based in Reston, Virginia, CTS provides technology solutions and related services to key U.S. intelligence agencies. Led by CEO Theresa Keith, a U.S. Army intelligence veteran with more than 20 years of experience in the IC, CTS employs more than 100 technical and mission support specialists, nearly 100% of whom hold high-level security clearances. The company will continue to operate with its current leadership under the SilverEdge platform.

Theresa Keith said, “We are thrilled to be joining SilverEdge, whose tremendous resources, qualified team, and extensive capabilities will enable us to continue to grow our business rapidly and provide additional opportunities for our people. Our team looks forward to working together as part of SilverEdge, contributing our specialized expertise to expand our shared capabilities, and growing our talent pool to serve national security interests and our IC customers.”

Douglas T. Lake Jr., Founder & Managing Partner at Godspeed, remarked, “The addition of CTS to SilverEdge’s comprehensive suite of offerings further enhances the growth potential of the platform as it continues to scale into the leading technology and cybersecurity solutions provider for critical U.S. Intelligence agencies and select mission-oriented Department of Defense customers.”

Nathaniel Fogg, Partner at Godspeed, added, “Following SilverEdge’s recent acquisition of QVine, bringing CTS on board alongside will help to further bolster our commitment to the Intelligence Community. We welcome Theresa and her team to SilverEdge and are excited to be partnering with them.”

CTS was advised by the McLean Group. Latham & Watkins LLP acted as legal advisor to Godspeed.

**About Counter Threat Solutions**

Counter Threat Solutions, LLC (“CTS”) is a leading technology services and solutions company providing mission-focused subject matter experts in all source and counterintelligence analysis, enterprise IT and data management, and identity intelligence services to the U.S. intelligence and defense communities. Learn more about CTS at www.ctstruenorth.com.

**About SilverEdge**

SilverEdge is a next-generation provider of innovative and proprietary cybersecurity, software, and intelligence solutions for the Defense and Intelligence Communities. SilverEdge’s seasoned team of cybersecurity experts, software developers and engineers, and intelligence analysts identify tomorrow’s challenges today and work to empower America’s defenders with the tools and solutions needed to address our National Security Community’s toughest challenges. SilverEdge is based in Columbia, MD. For more information, please visit the SilverEdge website at www.silveredge-gs.com.

**About Godspeed Capital**

Godspeed Capital is a lower middle-market Defense & Government services, solutions, and technology focused private equity firm investing alongside forward-thinking management teams that seek an experienced and innovative investment partner with unique sector expertise, operational insight, and flexible capital for growth. While a typical investment will involve companies generating approximately $3 million to $30 million of EBITDA, Godspeed Capital has significant support to complete larger transactions through strategic co-invest relationships. The firm focuses on control buyouts, buy-and-builds, corporate carve-outs, and special situations. For more information, please visit the Godspeed Capital website at www.godspeedcm.com.

Godspeed Capital-Backed SilverEdge Partners with Counter Threat Solutions

Comprehensive CNAPP coverage for Kubernetes and containers in a single solution.

**WALTHAM, Mass., Oct. 24, 2022 /PRNewswire/** — Uptycs, provider of the first unified CNAPP and XDR solution, today announced enhanced Kubernetes and container security capabilities. These new features provide threat detection for container runtime correlated with the Kubernetes control plane attacks alongside scanning of container images in registries for vulnerabilities, malware, credentials, secret keys, and other sensitive information.

According to the latest Cloud Native Computing Foundation survey, 96% of organizations are either using or evaluating Kubernetes — the highest percentage since the surveys began in 2016.1 Yet many organizations are not prepared to detect threats against these new deployments. "Kubernetes-orchestrated clusters are essentially 'clouds within clouds.' The monitoring and visibility of the Kubernetes logs, network flows and application behaviors within the cluster should be baselined and analyzed for indications of compromise," recommends Gartner.2

Organizations can detect attacks against their Kubernetes deployments by adopting a shift up approach to cybersecurity, in which telemetry emanating from Kubernetes clusters and containers, laptops, and cloud services is normalized at the point of collection, but processed, correlated, and analyzed in a data lake.

Unlike siloed endpoint and cloud security solutions, Uptycs protects the entire arc of cloud-native application development, from the developer's laptop to container runtime. "Threat actors know a developer's laptop is often just one hop away from cloud infrastructure," said Ganesh Pai, co-founder and CEO of Uptycs. "Uptycs correlates risk signals from the modern attack surface for lightning-fast, contextualized detection and response. We do this with our unique, telemetry-powered approach and Detection Cloud. It's a shift up approach to cybersecurity that brings together multiple teams and types of IT infrastructure into a unified data model and UI."

"Our security team is organized around six domains, including threat detection and response, risk and compliance, application security, data security, infrastructure security, and enterprise security," said Anwar Reddick, Director of Information Security at Greenlight Financial. "Having a single solution like Uptycs that traverses these domains, and contextualizes threat activity across multiple asset types like Kubernetes, cloud services, and laptops improves cross-domain collaboration and insights. As a result, we've dramatically shortened our threat investigation time."

New Kubernetes and container runtime security features include:

*   **Kubernetes threat detections** — Combines anomalous Kubernetes actions with actions on a granular container lever, Uptycs is able to observe in real-time and store the behavior for investigation; this reduces mean time to detection (MTTD), collects forensic evidence for investigation, and determines the full scope of the incident as it happens
*   **Registry scanning** — Enables the ability to look for vulnerabilities in container images in a registry; Uptycs supports many registries, including AWS ECR, Azure Container Registry, DockerHub, and jFrog Artifactory
*   **Secret scanning** — Provides the ability to look for private keys, credentials, and other secrets stored in container images
*   **NSA/CISA hardening checks** — Ensures that Kubernetes deployments are set up per the updated hardening guidance provided by the U.S. National Security Agency and Cybersecurity and Infrastructure Security Agency. For example, ensuring that pod security and network security policies are in line with guidance

Uptycs fills in security visibility gaps with a single solution to protect container-based applications, whether they are run on-premises or in the cloud, from bare-metal to a serverless deployment. With Uptycs, customers can identify vulnerabilities early in the process, verify secure configurations, ensure compliance posture against standards like CIS benchmarks for Linux and Docker, and continuously monitor the runtime in production.

Uptycs was recognized as a Sample Vendor for Container and Kubernetes Security in the Gartner Hype Cycle for Application Security, 2022 and the Gartner Hype Cycle for Network and Workload Security, 2022. In addition, Uptycs was recognized as a Sample Vendor in the report from Gartner, Emerging Tech: CIEM Is Required for Cloud Security and IAM Providers to Compete.

Uptycs will be at KubeCon + CloudNativeCon from Oct. 24 - 28, 2022 in Detroit, Michigan. To learn more, please stop by booth #G29 or visit: https://www.uptycs.com/lp-kubecon-2022-request-a-meeting

**Resources**

*   Uptycs Live Webinar: Kubernetes and Container Security with Uptycs
*   Blog: Detecting Threats to the Kubernetes Control Plane
*   Self-Guided Product Tour: Uptycs KSPM and CWPP
*   Follow Uptycs on LinkedIn and Twitter
*   Request a demo

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Note: All new features will be available to Uptycs customers in Q4, 2022.

**About Uptycs**

Your developer's laptop is just a hop away from cloud infrastructure. Attackers don't think in silos, so why would you have siloed solutions protecting public cloud, private cloud, containers, laptops, and servers?

Uptycs reduces risk by prioritizing your responses to threats, vulnerabilities, misconfigurations, sensitive data exposure, and compliance mandates across your modern attack surface — all from a single platform, UI, and data model. This includes the ability to tie together threat activity as it traverses on-prem and cloud boundaries, thus delivering a more cohesive enterprise-wide security posture.

Looking for acronym coverage? We have that, too, including CNAPP, CWPP, CSPM, KSPM, CIEM, CDR, and XDR. Start with your Detection Cloud, Google-like search, and the attack surface coverage you need today. Be ready for what's next.

Shift your cybersecurity up with Uptycs. Learn how at: https://uptycs.com

1 Cloud Native Computing Foundation, CNCF Annual Survey, February 2022 https://www.cncf.io/reports/cncf-annual-survey-2021/  
2 Gartner, "How to Make Cloud More Secure Than Your Own Data Center," Neil MacDonald, Tom Croll, April 2021 https://www.gartner.com/document/3970177

**SOURCE:** Uptycs

Uptycs Introduces Detections that Correlate Threat Activity from the Kubernetes Control Plane and Container Runtime

Best-in-class awareness training comes after a marked increase in cybersecurity risks and attacks in 2022.

**PITTSBURGH, Oct. 24, 2022 /PRNewswire/** — Today, Hornetsecurity launches a next-generation Security Awareness Training, to better equip employees to counter cyber-attacks, building on its international reputation as a cybersecurity leader.

Cyber criminals are constantly innovating and attacks are on the rise: Hornetsecurity's 2022 Ransomware Report found that 60% of attacks came from phishing attempts. Many attackers exploit human vulnerability to phishing and fraud, so this new training service integrates the human factor into the cybersecurity cycle — bolstering this weaker link in the defence chain.

**Systems and tools are only as secure as their users**

Even with the best cybersecurity offering in place, there is always room for human error, which is why many cybersecurity insurance providers demand awareness training for employees. The new training from Hornetsecurity highlights the individual's importance in establishing an organisation's human firewall — and how essential each and every employee is in corporate cybersecurity, from prevention to protection, to response and recovery. In doing so, it helps companies establish a sustainable security culture.

**An easy service that helps build a security mindset**

Hornetsecurity's automated training is innovative in that it is simple, rather than maintenance-intensive, for customers. The Awareness Engine is the technological heart of the Security Awareness product, offering bespoke, needs-based training: each user receives as much training as is necessary. Its Patented Spear Phishing Engine simulates sophisticated attacks to build knowledge of attacks.

To measure progress, it uses the Employee Security Index (ESI®) as an industry-wide unique benchmark, constantly measuring and comparing the organization's and employee security behaviour.

It is available via subscription licensing, as a standalone service, or as an addition to Hornetsecurity's email security services, such as 365 Total Protection.

**Training possible thanks to acquisition of IT-Seal**

Hornetsecurity has always seen education as a key part of cybersecurity, providing ebooks, webinars and reports. The acquisition of IT-Seal in May 2022 further expanded Hornetsecurity's education capabilities. Alongside its established email security and backup and recovery solutions, all aspects of the awareness-prevention-detection cycle are now covered.

Commenting on the Security Awareness Training launch, **Daniel Hofmann, Hornetsecurity CEO says:** _"With cyber-attacks on the rise, it's increasingly important for organisations to implement a cybersecurity ecosystem that includes education and robust email security functionality for prevention as well as back up for recovery. Our new offering specifically supports and guards against very human vulnerabilities to phishing and other cyber risks._

_"The Security Awareness Training product adds great value to our portfolio, bringing us closer to our goal of being one-stop vendor for next-gen security, backup and compliance for our partners and customers, with a special focus on Microsoft 365. It has already been implemented by global customers, including BMW Group and FC Bayern Munich._

_"This is part of a very exciting 2022 and 2023 growth pipeline and we're looking forward to continuing this momentum."_

For more information, please click here.

**About Hornetsecurity**

Hornetsecurity is the leading security and backup solution provider for Microsoft 365. Its flagship product is the most extensive cloud security solution for Microsoft 365 on the market, providing robust, comprehensive, award-winning protection: Spam and virus filtering, protection against phishing and ransomware, legally compliant archiving and encryption, advanced threat protection, email continuity, signatures and disclaimers. It's an all-in-one security package that even includes backup and recovery for all data in Microsoft 365 and users' endpoints.

Hornetsecurity Inc. is based in Pittsburgh, PA, with other North America offices in Washington D.C., and Montreal, Canada. Globally, Hornetsecurity operates in more than 30 countries through its international distribution network. Its premium services are used by 50,000+ customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, and CLAAS.

**SOURCE:** Hornetsecurity

Hornetsecurity Launches Next-Generation Security Awareness Training to Help Organizations Strengthen Their Human Firewall

A multilayered attack technique that took center stage in 2020 and has only grown more endemic.

The mention of "election security" among cybersecurity practitioners typically conjures up concerns about voting machine tampering, vulnerabilities, and the possibility of data breaches. But there's more to it than hardware, software, and process. Misinformation and disinformation are extremely pressing problems that are commingled with traditional cybersecurity — a multilayered attack technique that took center stage in 2020 and has only grown more endemic since.

Time may be running out as the midterms approach, but security teams on the front lines — those that work with voting equipment manufacturers, businesses that supply component parts, and those within government agencies responsible for ensuring the integrity of election equipment — can still take integral steps to combat this very dangerous threat.

As far as misinformation and disinformation are concerned, neither is a new concept. The practice of spreading mis- and disinformation (aka "fake news") can be traced back as far as circa 27 BC, when then Roman emperor Caesar Augustus spread lies about his nemesis, Mark Antony, to gain public favor.

"Misinformation" is the unintentional spread of disinformation. "Disinformation" is the intentional spread of false information that is purposely meant to mislead and influence public opinion. This may contain tiny snippets of factual information that have been highly manipulated, helping to create confusion and casting doubt on what's fact and what's not.

In just the past few weeks, a clerk in Mesa County, Colorado, entered a not guilty plea for charges relating to her alleged involvement with election equipment tampering. She, alongside a colleague, are being held accountable for providing access to an unauthorized individual who copied hard drives and accessed passwords for a software security update (the passwords were later distributed online). The accused clerks publicly spread disinformation about election security prior to the incident.

In Georgia, election officials recently decided to replace voting equipment after forensic experts hired by a pro-Trump group were caught copying numerous components of the equipment, including software and data. It has not been found that the outcome of the election was impacted, but the fact of compromise sows the seeds of doubt and begs the question: How and where could the stolen data be used again to influence elections?

And back in February 2022, election officials in Washington state decided to remove intrusion detection software from voting machines, claiming that the devices were part of a left-wing conspiracy theory to spy on voters.

And unfortunately, the preponderance of public platforms on which anyone can voice an opinion on a topic — even if it's without a shred of factual information — makes it simple for that voice to be heard. The result is constant public questioning about the veracity of any information and data.

The amount of dis- and misinformation that can be spread grows proportionally alongside the cyberattack surface. Reasonably, the more places people can post, share, like, and comment on information (of any ilk), the wider and farther it will spread, making identification and containment more challenging.

**Be Proactive When Fighting Back Against Disinformation**

Needless to say, it's best to be proactive when building systems, deploying tools, and implementing cybersecurity controls. But attacks are also inevitable, some of which will be successful. To maintain trust, it's imperative to institute fast, reliable identification and remediation mechanisms that reduce mean time to detect and respond.

Recommended practices that will work to slow this impending threat include:

*   **Continuously monitor infrastructure:** Identify all relevant systems in use, who/what is using those systems, and how those systems are used. Set baselines for usual and expected activity, and then monitor for anomalous activity. For example, look for unusually high levels of activity from system or user accounts. This may be indicative that a malicious user has taken over an account, or that bots are being used to disrupt systems or send disinformation.

*   **Test all systems:** Whether the software/hardware used in voting machines or the people who have/need authorized access, test for vulnerabilities and weaknesses, apply remediation where possible, and triage any identified issues along the way.

*   **Verify who has access to systems:** Apply multifactor authentication to prevent account takeover and verify human versus bot activity to help prevent the malicious use of bots in spreading disinformation.

*   **Profile:** Understand the most likely targets/subjects of election-related mis-/disinformation. These are often high-profile individuals or organizations with strong political stances (and, of course, the candidates themselves). It may be necessary to place greater security controls on those individuals' accounts to protect against data leakage, account takeover, smear campaigns, etc. Use the same methods for protecting systems/tools/technologies threat actors use to create and disseminate false information.

*   **Apply machine learning:** Study digital personas, bot activity, and AI-generated campaigns. Use baselines for "normal" behavior to contrast with anomalous behavior. Machine learning can also be used for keyword targeting — identifying certain words or phrases used by people propagating disinformation and misinformation. When problematic language is used — or language is found that indicates an attack may be in the planning — flag activity or automate security controls to have it analyzed and removed or quarantined.

It is unfortunately the case that humans will continue to manipulate machines for their own benefit. And in today's society, machines are used to influence human thinking. When it comes to elections and election security, we need to be focused just as heavily on how machines are used to influence the voting public. When this "influence" comes in the form of misinformation and disinformation, cybersecurity professionals can be a huge help in stopping the spread.

Cybersecurity's Role in Combating Midterm Election Disinformation

Security, DevSecOps, and DevOps teams can now build transparent trust in the software they deliver or use.

**TEL AVIV, Israel, Oct. 24, 2022 /PRNewswire/** — Scribe Security announced today the launch of its unique evidence-based security trust hub, offering for the first time true end-to-end software supply chain security.

In recent years, software supply chains — both open-source and proprietary CI/CD pipelines — have become more attack-prone than ever before. In 2022, Gartner listed digital supply chains as a top trend to watch and a major rising attack surface. That puts the integrity of organizations' code, customers, and brand reputation at risk. Even one bad software component or a security gap in the CI/CD that may lead to malicious access to the development environment can be enough.

Security professionals, software engineers, and DevOps teams are challenged with building transparent, evidence-based trust in the software they use or deliver. Scribe Security took the lead and became the first vendor to introduce the concept of one, consolidated hub for security evidence for software products, launching a friendly and easy-to-use platform.

Unlike other software supply chain security solutions, Scribe's evidence-based security hub supports a workflow for sharing software bill of materials (SBOMs), along with other security aspects of software, across or within enterprises, making software products' security transparent to customers, buyers, and security teams.

_"SBOM is a best practice that is expected to become widely required and used to mitigate software supply chain risks. With that in mind, we decided to be the pioneers and launch a simple-to-use platform that serves as a hub for a plethora of security evidence for software products," said **Rubi Arbel, Scribe Security Co-founder, and CEO**. "Scribe's platform offers a complete self-serve experience. It is easy to implement and use, as it is plugin and CLI-based. And finally, you can start with a freemium, no strings attached."_

Scribe continuously attests to the software's trustworthiness, so stakeholders can:

*   Ensure a secure development process
*   Build and enforce SDLC processes
*   Validate that the code is tamper-free
*   Gauge compliance to software supply chain standards such as SSDF and SLSA

_"Validating software integrity is challenging," said **Danny Nebenzahl, Scribe Security Co-founder, and CTO**. "Today, we introduce to the market a novel technology that offers a holistic solution for continuous and evidence-based assurance of software components and artifacts as well as CI/CD processes. We make sure that the entire software supply chain is not tampered with. With the Scribe platform, teams can generate, manage and share SBOMs, validate integrity, and track vulnerabilities of their containers, dependencies, and pipelines."_

Scribe platform key features:

*   Automatically generate, and manage SBOMs and security insights
*   Validate the code integrity and provenance
*   Track vulnerabilities in the containers, dependencies, and pipelines
*   Detect code tampering
*   Continuously demonstrate compliance with supply chain regulations and best practices
*   Selectively share all this, in a controlled manner, with stakeholders internally across organizations

**About Scribe Security  
**_Scribe Security was founded by cyber security and cryptography veterans on a mission to build and provide innovative end-to-end software supply chain security solutions._

_We applied our expertise to create a novel platform that leverages leading concepts and frameworks to deliver uncompromising security to code artifacts, from production to delivery throughout the entire software lifecycle. For more information:_ https://scribesecurity.com/

**SOURCE:** Scribe Security

Scribe Security Launches Evidence-Based Security Trust Hub

Nok Nok, an inventor of FIDO authentication standards, announces full support for passkeys in its S3 Authentication Suite that allows organizations to replace passwords.

**San Jose, Calif., Oct. 24, 2022** — Nok Nok, a leader in FIDO customer authentication (Fast IDentity Online) and a founder of the FIDO Alliance, today announced full support for passkeys — the FIDO and key-based passwordless sign-in technology standard for replacing passwords.

As stated in Verizon’s 2021 Data Breach Investigations Report, over 80% of successful cyber-attacks start with an account takeover with cybercriminals using sophisticated phishing strategies to steal account credentials based on passwords and personal secrets. With cybercrime accelerating dramatically, online service providers are now only beginning to understand the real cost and risk of propagating the use of passwords and the legacy security infrastructure used to store and use them.

**The arrival of passkeys, the replacement for passwords**

Passkeys — the new name for passwordless FIDO credentials — are widely viewed as the replacement to end the use of passwords. Current FIDO standards for single-device passkeys are supported by major platforms today. In May 2022, Apple, Microsoft and Google announced multi-device passkeys will be natively available in the OEMs’ devices, operating systems and platforms to enable safer, faster, and more consistent sign-ins to consumer online services across web and mobile devices.

By offering the same safety and convenience for signing into online services as the trusted biometric authentication consumers use to sign into their devices, FIDO passkeys offer consumers modern, safe and fast access to all of their online services and in the future, to their in-home and IoT devices, and even to their vehicles.

To implement passkeys, online service providers must leverage a FIDO authentication server and related client software to support both single-device and multi-device passkeys.

**S3’s innovative approach to passkeys**

As an early inventor of FIDO specifications, Nok Nok and its S3 Authentication Suite offer the first customer passwordless authentication platform built from the ground up based on FIDO standards, with full support for both single-device and multi-device passkeys. Nok Nok’s S3 Suite provides privacy-compliant, passwordless authentication across platforms and is designed to operate in the most demanding consumer environments, at global scale. Nok Nok’s S3 Authentication Server also offers FIDO features that enable online service providers to offer safe and secure passkey access to consumer services leveraging home, entertainment and IoT devices.

For companies that have not yet incorporated FIDO-enabled technologies into their services, with the Nok Nok S3 solution they can now support traditional FIDO single-device credentials and the latest multi-device passkeys with a single authentication infrastructure. For companies who have already transitioned some or all of their customer authentication to leverage FIDO standards, with the Nok Nok S3 solution they can fully support passkey credentials with no code changes. For Nok Nok customers already supporting Nok Nok iOS FIDO authentication, the currently available passkeys “just-work.”

As stated by Dr. Rolf Lindemann, Nok Nok’s VP of Products and one of the original authors of the FIDO standard, “_Nok Nok has been working with the industry and our large customers to operationalize the FIDO protocols in the real world with real world benefits. This discipline of commercializing FIDO innovations has led to an extensive portfolio of patented FIDO capabilities and to the evolution from single device keys to multi-device passkeys.”_

Dr. Lindemann shared, _“For our customers who have already adopted our S3 platform, no code changes are required to support passkeys on iOS 16+ and we support the device public key option announced for Google’s Android. Additionally, our S3 Suite allows native consumer apps to combine single-device credentials through FIDO “silent authenticators” with multi-device credentials to improve the control of relying parties - even on platforms not supporting the device public key option, simplifying regulatory compliance.”_

The advanced granular adaptive orchestration of Nok Nok’s S3 authentication platform includes a rules engine that allows replying parties to easily configure sign-up, sign-in and recovery flows for passkeys that dynamically respond to contextual user data. In addition, Nok Nok’s S3 Intelligent Passwordless AuthenticationTM enables user experience flows to automatically respond to the (FIDO) authenticator characteristics of their consumers’ devices in real-time with passkeys.

**The FIDO benefits trifecta**

By making use of authentication signals on consumer devices, with FIDO sign-up and sign-in, Nok Nok’s customers have created seamless user experiences that remove friction and complexity associated with authentication and account recovery, which dramatically increases the speed and success rates of sign-in.

Many of Nok Nok’s banking, telco and fintech customers have achieved sign-in success rates of 99.5% and sign-in speed increases of 100% to 200% - with today’s single-device passkeys. Since multi-device passkeys are expected to dramatically increase consumer FIDO adoption across OEM devices, these substantial benefits are now available to all online service providers who support passkeys by implementing a leading FIDO server with robust authentication capabilities such as Nok Nok’s S3 Suite.

In addition, reductions in sign-up, sign-in and account recovery friction result in a material reduction of calls into customer care centers. At an industry-average cost of $70-$90 per call to remediate account-related problems, the adoption of FIDO passkeys can save online service providers millions of dollars in annual OPEX.

Last but most important, FIDO passkeys protect consumers from account takeovers that start with stolen credentials. Passkeys are described as “phishing-resistant”, although some of the OEMs have stated passkeys are “unphishable”. In sign-ins that only use passkeys, the keys are accessed during sign-in, but passkeys remain on the device and server. The keys are never passed for attackers to steal enroute - protecting consumers from sophisticated phishing attacks.

“_Ten years ago our founding industry group designed FIDO as a new framework for providing better usability, security and privacy. We also intended the framework to reduce the cost and complexity of enterprise infrastructure. Today, FIDO passkeys offer the trifecta of business benefits — improved customer security and privacy with less friction and lower operating cost to the enterprise. Passwords are the single greatest pain point on the internet and at Nok Nok, we are thrilled to announce our seamless platform support for consumer passkeys — signaling the beginning of the end of passwords worldwide,” said Nok Nok CEO Phillip Dunkelberger._

**About Nok Nok**

Nok Nok is a global leader in passwordless consumer authentication. Delivering the most innovative FIDO services for the authentication market today, Nok Nok empowers global organizations to dramatically improve their user experience and security, and reduce operating expenses, while meeting the most advanced privacy and regulatory requirements. The Nok Nok™ S3 Authentication Suite integrates into existing security environments to deliver proven, FIDO-standards-based passwordless consumer authentication. Headquartered in Silicon Valley, California, the company has delivered unique inventions and innovations that are protected by a robust global patent portfolio. As a founder of the FIDO Alliance and an innovator of FIDO standards, Nok Nok is an expert in modern consumer authentication. Nok Nok’s global customers trust their customer authentication with the S3 platform and include Verizon, Intuit, T-Mobile, BBVA, NTT Docomo, MUFG, Japan Post Bank, AFLAC, Standard Bank, Fujitsu Limited, and Hitachi. For more information, visit www.noknok.com.

Nok Nok, a Global Leader in Customer Passwordless Authentication, Releases Full Support for Passkeys

Security teams that embrace low-code/no-code can change the security mindset of business users.

Security teams constantly strive for mindshare and alignment within the business. Seasoned security leaders often describe how security needs to serve the business and how it depends on business buy-in about the importance of security to succeed. As a result, security teams invest a lot in raising security awareness, educating business users, and explaining why security is crucial to the business and cannot succeed without business users.

Without buy-in from business leaders, security teams can apply security measures only through formal gates, enforced controls, and corporate policies that, without proper communication, can often cause frustration and end up making the business buy-in problem worse. When business teams see security as a business-enabler, however, the conversation changes completely. People reach out to security to get input early on in the process, and security teams can focus on helping teams assess where to invest their security efforts.

This dynamic is so fundamental to organizations that often security leaders focus most of their efforts on building relationships with business leaders to get that executive buy-in. In the best cases, that also translates to bringing business units and security teams closer together. With this lens, we can see just how important and transformational DevSecOps is. Suddenly, development teams more easily collaborate and even sometimes lead the effort for better security. The indirect effect of having more people — that is, developers, not just security professionals — thinking with a security mindset can be transformational to the ability of the security team to make big strides forward.

An organization where lots of developers understand and push for security in their day-to-day work is far more likely to go along with large security projects like rolling out a new identity system or applying zero trust, even though those might require some patience from users during implementation. This indirect effect could end up being much more important than the fact that we now have automated security tests as part of the CI/CD, even though those are important as well.

**Bringing Developers Closer to the Security Mindset**

One possible explanation for the success of DevSecOps is the value of automation. Whether it's through catching syntax errors, identifying an insecure dependency, or detecting hard-coded secrets, automated security testing helps developers achieve more in less time. The argument that automation is the reason why developers are jumping on the security bandwagon seems to imply that developers always saw the importance of security but lacked the resources to act on it.

While automation is extremely helpful, I find that the change in mindset for some development teams is far greater than just a change in the resources discussion. More and more developers are seeing security as part of their responsibility, rather than the responsibility of someone else.

There is a bigger shift here than just a reduction in the cost of applying good security practices. Security teams started talking to developers in the language of developers, rather than the language of security. This is a crucial point. Instead of painting a beautiful picture of how security should work, DevSecOps shifts the conversation to a much more practical one: How do we make one step forward to where our developers actually are?

Note that the goal remains the same — guiding developer teams toward a beautiful picture of how security should work. However, crucially, we start off at the practical side of the discussion and help guide every step of the journey rather than describe a future that seems far away or even impractical.

By shifting the security conversation to the language of developers and meeting them where they are, security teams and developers now share a security mindset, which helps with both day-to-day operations and the large security strides forward that require developer buy-in.

While the success with developers is important, security still struggles with getting mindshare for a much larger portion of corporate employees, namely business users. Can we apply lessons learned from DevSecOps to bringing business users closer to security?

**The Times They Are A-Changin'**

In recent years, business units have been experiencing a tectonic shift brought forth by low-code/no-code platforms. By gaining the skills required to facilitate business processes or create custom applications on their own, business units have drastically reduced their reliance on IT and continue to accelerate digital transformation. Leading analyst firms predict that most enterprise applications will be developed using low-code/no-code by 2025, and surveys reveal that business users are already a large part of — and in some cases, the majority of — low-code/no-code builders.

The trend of business users becoming builders can be both a challenge and an opportunity for security teams. If left outside of security's perceived scope of responsibility, it will lead to a significant growth in shadow IT. However, it also presents an unprecedented opportunity to cultivate a security mindset with business users. If DevSecOps made developers more security-aware, an equivalent for low-code/no-code could do the same for business users. As with developers, the fundamental change of bringing business users closer to the security mindset would mean drastically increasing security mindshare across the organization. Low-code/no-code presents a unique security awareness opportunity.

When trying to capture the security awareness opportunity that low-code/no-code presents, we should apply the lessons we learned from DevSecOps by meeting business users where they are. The low-code/no-code development process significantly differs from pro-code DevOps. Many business users nowadays are building their applications and automating their processes with low-code/no-code. Security teams should familiarize themselves with those platforms and their development processes, and learn how to talk about security for such purpose-built applications in the native language of business development.

Low-code/no-code is so dominant with business users that it is already being used for business-critical applications within many organizations even if their security teams don't know about it. With analysts predicting that 70% of new enterprise applications will be built with low-code/no-code in three years, it is apparent that we have a unique window of opportunity to affect the way that these applications will get built. But even more importantly, this is an opportunity to influence the next generation of developers — namely business users — and the way they will think about security and their roles in it.

Embracing the Next Generation of Business Developers

Similar to what happened around the 2020 election, FBI warns that the Emennet Pasargad group is poised to target officials and companies with embarrassing hack-and-leak campaigns.

Although the Iranian threat group Emennet Pasargad is largely dedicated to launching attacks against Israeli officials, the FBI warns the group is likely to engage in hack-and-leak operations against US interests — namely the upcoming midterm elections.

The latest FBI advisory explained that Emennet tactics usually involve a breach, data theft, data leak, and amplification of leaked data on social media; often they leave encryption malware behind, for good measure. The group was active during the 2020 presidential elections, and the FBI is warning they are likely to reemerge as Americans vote in the November midterm elections.

Adding to the alarm, the FBI said Emennet was linked to a cyberattack on a US organization within the past year, demonstrating the group is still an active threat.

"The FBI assesses the purpose of these operations is to undermine public confidence in the security of the victim's network and data, as well as embarrass victim companies and targeted countries," the advisory said.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

FBI: Iranian Threat Group Likely to Target US Midterms

Software makers and customers will be able to query graph database for information about the security and provenance of components in applications and codebases.

A new open source initiative Google announced this week could move the needle forward on industrywide efforts to address software supply chain security issues.

The project is called GUAC, or Graph for Understanding Artifact Composition. Once available, GUAC will give developers, security teams, auditors, and other enterprise stakeholders a central source for information about the security, provenance, and overall trustworthiness of the individual components in their applications and codebases.

GUAC will collect and synthesize all the information needed for such analysis — such as software bill of materials, known vulnerability information and signed attestations on how a particular software might have been built — from multiple sources. Users will be able to query GUAC for information on the most-used critical components in their software, associated dependencies and any potential weaknesses, and vulnerabilities in them. 

According to Google, GUAC will also let software and security teams determine if an application they are about to deploy meets organizational polices, and if all binaries in production can be tracked back to a secure repository.

**Multiple Use Cases**

In addition to being useful from a proactive security and operational security standpoint, GUAC will also help organizations respond more effectively to identified threats, Google said. For instance, when a new vulnerability is disclosed, organizations will be able to use GUAC to determine which parts of their software inventory might be affected. Similarly, if an open source component has been deprecated, GUAC can help development and security teams quickly assess the impact on their environment.

Brandon Lum, senior software engineer on Google's Open Source Security team, says organizations will be able to deploy GUAC internally or use it as an external source for vetting their software metadata. 

"GUAC will pull from a variety of sources, including GitHub, Sigstore, and open source package managers," Lum says. "If run in an organization, GUAC can be configured to pull from internal sources and will be able to include organization or vendor specific assertions or certifications."

Many of these are capabilities that mainly large organizations have begun implementing in response to growing concerns over vulnerabilities and risks in the software supply chain. Attacks on companies like SolarWinds and Codecov showed how threat actors could compromise organizations on a mass scale by planting malware in software updates from trusted vendors. 

More recently, threat actors have begun planting malicious code in widely used public code repositories with the goal of tricking development teams and automated build tools to download the malware into their organizations.

**Heightened Concern**

The trend is driving organizations to pay closer attention to the security of their software components. It is heightening focus on practices such as generating or requiring a software bill of materials (SBOM) for their software and to using security frameworks such as Supply chain Levels for Software Artifacts (SLSA) to protect against tampering and vulnerable components. An executive order signed by President Biden in May 2021 explicitly requires all federal civilian executive branch agencies to maintain SBOMs for software they develop internally and requires them for any software they procure from an outside vendor or contractor.

Much of the information required for organizations to vet their software supply chain already exists in various forms. GUAC will bring all the data together in a standard form and democratize its availability, according to Google. 

Anyone will be able to use GUAC, Lum says. "GUAC is designed to run \[both\] as a public service or internally in an organization," he says. "For example, an organization can run GUAC internally for their proprietary software and query a public instance for vendor or open source software."

Nigel Houghton, director of marketplace and ecosystem development at ThreatQuotient, says there are several processes and tools associated with software supply chain security, such as those for generating SBOMs or for checksums and signatures that can be used to validate a particular piece of software. 

"There are many such sources of information but no real way to consolidate that information into one place," Houghton says. "\[GUAC\] is an attempt to do that and is desperately needed in the industry."

Houghton sees GUAC as benefiting both consumers and producers of software by enabling greater visibility into the security of the software supply chain. 

"It gives vendors the chance to show the security of their software supply chain and also gives them the visibility into their own supply chain security that they can better manage it," he says. "But, ultimately, the consumer benefits the most as it means they can also validate the supply chain for the software they are purchasing or using."

**GUAC Prototype**

GUAC is a good start to solving a hard problem, says Scott Gerlach, co-founder and CSO at API security testing vendor StackHawk. The trick will be to get open source developers to participate in this kind of program. 

"What is their incentive?" Gerlach asks. "Most often, these are people who work on projects out of a passion for problem-solving and deep curiosity. Incentivizing OSS devs to participate will be the key to GUAC's success." 

That's a viewpoint that Houghton holds as well. "The biggest challenge here is going to be adoption by the software industry as a whole," he says. But since GUAC is a project that comes under the OpenSSF, it should have a good chance of adoption at least for Linux-based projects, he says.

Mike Parkin, senior technical engineer at Vulcan Cyber, sees other issues. "Consolidating and normalizing the vast amount of data they plan to ingest will be the first challenge," he says. The other is finding a way to visualize the data in a manner that's both useful and usable. 

"If they can accomplish that, then getting people to accept it and use it will be considerably easier," he says.

Google has developed a prototype version of GUAC in collaboration with researchers at software supply chain security start-up Kusari, Citi, and Purdue University. The company is currently seeking contributors to the effort.

Source

DARKReading