Consumers gain control of their data while companies build better relationships with their customers — but third-party ad-tech firms will likely continue to stand in the way.

For more than two decades, the economic advantages of third-party firms' collection of information on consumers stymied technologists' dreams of giving people more control over their data and inhibiting the collection of personal information.

Now, faced with increasing privacy regulations and penalties, public agencies and private-sector businesses are leaning into the concept of "no-party data" — information shared by the consumer directly with a company with which they have a relationship that can still be used to personalize their experience. As a result, technology firms and academic researchers are developing data architectures to support no-party data technologies while giving control — and more data security — to the consumer.

Sometimes called "zero-party data," the no-party data movement has gained traction because of the consumer pushback against third-party advertising-technology firms, which often collect data against the consumer's wishes, says Ant Phillips, chief technology officer for Celebrus, which announced its no-party solution earlier this month.

"Third-party data collection and data sharing is not something that consumers ever signed up for — they did not wake up and say, 'I want to share my data with lots of companies,'" he says. "The business case \[for no-party data\] is around brands wanting to do the right thing for consumers because most consumers do not have a problem trusting certain brands, but they don't want to spread their data all around the Internet."

**The Struggle Is Real**

Giving consumers control over what information is collected about them has been a long struggle. In the late 1990s, pro-privacy firm Zero Knowledge Systems attempted to create a certificate-based system that could attest to certain consumer attributes — such as being an adult — without the need for personal identification. In 2008, Microsoft pursued the technology in its U-Prove system, after acquiring the company Credentica, which was founded by Stefan Brands, a former ZKS cryptographer.

For the most part, those technologies could not compete with the business success of ad-tech firms using third-party cookies.

The result is that privacy-conscious consumers actively fight against cookie tracking, and policymakers and browser developers have followed suit. In 2017, Apple announced its Intelligent Tracking Prevention, which would block tracking through third-party cookies, much to the consternation of advertisers. Since 2018, the European Union has required advertisers to get users' consent to use third-party cookies. And in 2019, Mozilla announced that its Firefox browser would block third-party cookies; Google followed suit, pledging to phase out third-party cookies in 2023. Facing low opt-in rates, companies have resorted to the deceptive design of the dialog boxes that ask users to consent to using their data.

With significant resistance to data collection, companies have focused on engaging with consumers. No-party data — which analyst firm Forrester Research calls "zero-party data" — is information collected directly from the consumer. It is typically collected through preference settings or micro-experiences, where a product maker or service provider will directly ask a consumer about their habits.

Zero-party data is the future, says Stephanie Liu, an analyst with Forrester Research.

"​The principles of zero-party data are going to be the foundation of data collection moving forward: transparent, consented, and provides value back to the consumer," she says. "Brands are historically terrible at asking consumers for data. ... But as consumer data gets harder to acquire, companies need to invest in the strategy and tech of what they're going to ask of consumers, how, and what benefit they'll deliver in return."

**'Creepy' Targeted Advertising**

The battle between advertising firms and privacy advocates often centers around tracking of citizens across websites. While tracking people through their real life is usually prohibited, large online ad-tech firms are able to effectively stalk consumers across the Internet. Currently, more than 80% of US citizens believe they lack control of the data collected about them by companies and the government, and they believe that businesses collecting data poses risks that outweigh the benefits, according to a survey by the Pew Research Center.

A significant part of the problem is that, despite the data collection, advertising either seems to miss the target or is so accurate that it's borderline creepy. In addition, ad-tech firms often catch behavior that has nothing to do with consumer buying intentions or habits, and they often use information in ways consumers would not approve. Policymakers have recognized the unintentional privacy costs of the third-party data market, passing regulations such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Protection Act (CCPA) and similar legislation in the United States.

For all these reasons, the third-party data model is broken, argues Celebrus' Philips. Consumers do not want to be tracked, and the slight benefit of ad-tech firms' capability to tailor marketing is greatly outweighed by the privacy risks posed by the technology and the fact that advertising firms' predictions of consumers' interests are often not accurate.

"From an economics view, the whole model is wasted capital — it's an economic waste," he says. "One misplaced ad is not going to break the bank, but in aggregate it is inefficient."

With no-party data, the consumer offers up information about themselves. Yet they still want to retain control of the data. Otherwise, they have no guarantee that the third-party companies will not use that data in ways that were not intended.

Technology firms have started offering solutions to allow personalization while giving the consumer control of their data. Celebrus' system, for example, stores information in local storage, allowing the consumer to retain control, and does all personalization and processing on the user's machine. On its face, the technology resembles Solid, a project created in a collaboration between Web progenitor Tim Berners-Lee and the Massachusetts Institute of Technology, which allows users to create virtual data "pods" on their systems that they can give trusted companies access to in a granular way, says John Bruce, co-founder and CEO of Inrupt, which is commercializing the technology.

"Solid allows people to make themselves known to providers without losing control of data," he says. "Businesses are truly beginning to understand that they can better service the customer if they retain their trust and allow them to keep control of their data."

**Consumers Want Personalization**

Ad-tech firms will not go away, but they will likely have less access to consumer data. Delivering personalization to consumers while at the same time limiting the collection of data will be the future, according to analyst firm McKinsey & Co., which found that 71% of consumers expect a personalized experience. Companies that excel at delivering that experience typically see 40% more profits on those services, the firm found.

The result will be that advertising will be less targeted but closer to what consumers want and with less of what we have today — annoying, creepy, and harmful uses of data, says Forrester's Liu.

"\[I\]t's not just the shoes you already purchased that still follow you across the Internet, but \[advertisements targeting\] those who've lost their pregnancies and can't opt out of baby ads," Liu says. "A big part of why we're here — with Apple releasing new privacy features, a quickly evolving privacy regulatory landscape, and rising consumer awareness — is because we've creeped out consumers, and they are fed up."

'No-Party' Data Architectures Promise More Control, Better Security

DevSecOps can help overcome inheritance mentality, especially in low- and no-code environments.

By 2025, total global data creation will reach 181 zettabytes. For enterprises, that data is an asset, allowing them to leverage a variety of technology platforms to create highly personalized customer experiences that engender loyalty and attract new business. However, these experiences are dependent on cloud infrastructures using shared security modes. That's where the risk lies, and it's increasing as technology grows to incorporate a new army of citizen developers using low-code and no-code platforms.

**Understanding and Overcoming the Inheritance Mindset **

Gartner estimates that by 2025, 70% of enterprise applications will be built from low-code and no-code platforms such as Salesforce and ServiceNow. Responding with an inheritance-based mindset is a sure way to set more than two-thirds of enterprise apps up for failure.   

"Inheritance mindset" is an apt descriptor for the problems plaguing infrastructure. It brings to mind a rich, spoiled children who are entirely dependent on the work done and people who came before them. That’s not a good way to build a legacy, and it's an equally bad way to build a system.

When you have a legacy mindset, you assume that the infrastructure is set. The platform is safe, and the security is built in. Trust is assumed simply because the technology was there before the administrator.

That inheritance mindset plagues low-code and no-code platforms. Users rely on the safety of a platform to carry them through an entire enterprise infrastructure. Instead, the security of that platform should apply only to that platform.

Let's say Salesforce developers create an automated assignment program for new leads. They use it within Salesforce for internal assignments, and it's fine. They can rely on the safety of the platform. They decide to expand it to improve automation. They connect that program to an external-facing CRM like ServiceNow, SAP, or Oracle. The inheritance mindset takes over: Salesforce is safe. ServiceNow, SAP or the third-party is safe.

So, Salesforce + third party = safe.

But, there's a great deal of unknown in that plus sign. How do you safely and compliantly connect the internal program created in Salesforce to the external program created in the third-party platform? There is a lot of room for error in that single character.  

And that’s only one connection. Many programs created in Salesforce touch hundreds of others. That’s hundreds of unknowns being treated like the plus sign described above by people who have little to no development experience.  

The only solution is to take that development back down to earth with a return to DevSecOps principles.

**Establishing the DevSecOps Framework **

DevSecOps frameworks have been written, rewritten, and written again since the concept was created. There’s no need to reinvent the wheel when establishing them, especially when SAFECode and the Cloud Security Alliance has built six pillars:

1.  **Collective responsibility:** Security is the responsibility of every person in the enterprise —but people can’t meet standards they don’t know. Leads should be assigned to drive cybersecurity policy and ensure it is disseminated across the enterprise.  
2.  **Collaboration and integration:** Knowledge must be shared and transferred. Half the reason that enterprises fall into the legacy mindset is that everyone who knew the old system is gone. Continuous knowledge sharing helps eliminate this issue.
3.  **Pragmatic implementation:** Pragmatic implementation ties into the developer experience. Processes that are difficult, mundane, and unwieldy are not followed for long. Security should be baked into development practices — that is, every line of code requires a line of test. A high-performing enterprise would take that further by using a tool to automate each line of test code.
4.  **Compliance and development:** Compliance requirements should guide the development process in a way that does not allow developers to deviate from them. A developer for a financial institution, for example, would work on a platform that is designed to be compliant with the Gramm-Leach-Bliley Act. The developer does not have to know the individual ins and outs of the act to be compliant because they are built into the platform.  
5.  **Automation:** Tasks that are predictable, repeatable, and high volume should be automated whenever possible to remove the burden from developers and reduce the risk of human error.
6.  **Monitor:** Modern cloud infrastructures change and grow. It’s vital to keep track of it — ideally, through some form of orchestration that allows an at-a-glance view of all the various interconnections.

In a low- or no-code environment, these pillars are not as straightforward as one would expect. The people using these tools are often business experts with little familiarity with DevSecOps fundamentals.

**Bringing Together People, Processes, and Technology**

The use of low-code and no-code platforms can actually help close this skills gap. Employees want to learn new skills. Enterprises can support that by establishing a DevSecOps framework focusing on people, processes, and technology. 

*   **Processes:** In a zero-trust environment, low-code and no-code developers don’t have to worry about making connections that endanger system integrity because they are incapable of doing so. They have no baseline authority outside of their isolated system.  
*   **People:** A culture of accountability is different from a culture of blame. Accountability means that individuals feel comfortable coming forward with a problem or mistake because the focus is on the issue, not the person.
*   **Technology:** Technology is the single biggest barrier to proper implementation of DevSecOps principles because it is out of the developers' hands. They must use what the organization gives them. If that technology doesn’t work, developers will come up with workarounds that are neither secure nor safe. Essentially, the technology becomes one big shadow IT generator.

We live in an exciting time for development. More and more people have the opportunity to build software, test strategies, and improve business value. But with that comes risk. Enterprises that look at ways to offload that risk onto technology will keep their development down to earth while leaving room to explore.

How DevSecOps Empowers Citizen Developers

Six out of the eight products achieved an "A" rating or higher for blocking malware attacks. Reports are provided to the community for free.

**AUSTIN, Texas – Aug. 25, 2022** — CyberRatings.org, the nonprofit entity dedicated to providing transparency on cybersecurity product efficacy, has published results of its Q2 2022 Endpoint Protection Comparative Test.

Focused on endpoint products that feature antivirus protection, the products tested were Avast Free Antivirus, AVG AntiVirus Free, ESET Internet Security, McAfee Total Protection, Norton 360, Microsoft Defender, Sophos Home Premium and Trend Micro Maximum Security.

“The bad guys are getting bolder and malware / ransomware campaigns continue to get more sophisticated,” said Vikram Phatak, CEO of CyberRatings.org. “Most infections occur in the first few hours after a new campaign is launched. The time it takes for a security product to block the attack matters a lot,” adds Phatak. “That is why we tested not only how much malware a product blocks, but how _quickly_ it blocks an attack.”

Over 40,000 live tests were performed on each product, providing a ±0.49% margin of error. Trend Micro Maximum Security offered the most protection, blocking 97.97% of malware. Sophos Home Premium provided the second-highest protection, blocking 97.47%, followed by Microsoft Defender at 97.13%. Sophos was the quickest to add protection for previously unblocked malware, closely followed by Trend Micro.

With more businesses embracing remote work, a user’s protection is likely limited to the web browser and their endpoint protection product. Therefore, it’s important to be informed about which products are performing as advertised.

The Comparative Test Reports provide metrics for products blocking malware over time, average time a product added protection, and average time it took a product to add protection.

The test was funded by CyberRatings.org and no vendor paid to be in or out of the test. As a service to the community, CyberRatings.org is providing these reports for free.  

The following endpoint protection / antivirus products were tested:  

  

*   Avast Free Antivirus – v22.4.6011 (build 22.4.7175.725)
*   AVG AntiVirus Free – v22.4.3231 (build 22.4.7175.725)
*   ESET Internet Security – v15.1.12.0
*   McAfee Total Protection – v16.0 R46
*   Norton 360 (latest updates)
*   Sophos Home Premium – v4.1.0
*   Trend Micro Maximum Security – v17.7.1243
*   Windows Defender – Antimalware Client v4.18.2203.5

**Additional Resources**

*   Follow CyberRatings.org on Twitter
*   Follow CyberRatings.org on LinkedIn

**About CyberRatings.org**   
CyberRatings.org is a non-profit 501(c)6 entity dedicated to quantifying cyber risk and providing transparency on cybersecurity product efficacy through testing and ratings programs. To become a member, visit www.cyberratings.org

Endpoint Protection / Antivirus Products Tested for Malware Protection

OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.

**SAN FRANCISCO, Aug. 24, 2022** — Capital One joins the Open Source Security Foundation (OpenSSF) as a premier member, affirming its commitment to strengthening the open source software supply chain. OpenSSF is a cross-industry organization hosted at the Linux Foundation, designed to inspire and enable the community to secure the open source software we all depend on, including development, testing, fundraising, infrastructure, and support initiatives.

Capital One joins the OpenSSF Governing Board in charge of leading the organization and providing strategic direction. “We are happy to welcome Capital One to the Open Source Security Foundation,” says Brian Behlendorf, General Manager of OpenSSF. “As a highly regulated company that has invested in technology, Capital One has experience building the governance structure, modern architecture and collaborative culture that is critical for well-managed open source software delivery. By joining the OpenSSF, Capital One is demonstrating a serious commitment to secure open source software that benefits our entire ecosystem.”

As one of the nation’s leading digital banks, technology is central to Capital One’s business strategy and how value is delivered to more than 100 million customers. The company began a technology transformation over a decade ago, which included an open source-first declaration in 2015. A modern architecture in the cloud is allowing Capital One to take advantage of the world’s innovations and accelerate delivery by committing to a collaborative software-building approach among the open source community.

“Today some of the most ground-breaking digital experiences created for customers are based on open source software. As a company that widely adopts this technology, Capital One is incredibly proud to join the OpenSSF and the world’s technology leaders as we collaborate to strengthen the software security supply chain,” said Chris Nims, EVP of Cloud & Productivity Engineering at Capital One. “As a highly-regulated company, we are seasoned in managing compliance and governance and advocate for standardization, automation and collaboration. We look forward to working together to identify solutions that advance the OpenOSSF mission and give back to the open source community.”

Earlier this year, the OpenSSF unveiled a 10-point plan at the Open Source Security Summit hosted in conjunction with the White House in May. The plan feeds into 10 different workstreams, like finding ways to reduce patching response times for open source software, developing new metrics to track code and components, moving the industry away from non-memory safe programming languages that make it difficult to find and fix vulnerabilities, establishing a framework for incident response teams that can be deployed across the open source community and conducting annual third-party reviews of the top 200 most critical open source security components.

More recently, the OpenSSF hosted a Town Hall especially for open source software maintainers, contributors, software developers, and open source software users who know security is important, but haven’t made the leap to join an OpenSSF Working Group or Project yet. On Tuesday, Sept. 13, they will be hosting an OpenSSF Day EU at the Open Source Summit Europe in Dublin, Ireland, and online.

Capital One joins other OpenSSF premier members 1Password, AWS, Atlassian, Cisco, Citi, Coinbase, Dell Technologies, Ericsson, Fidelity, GitHub, Google, Huawei, Intel, IBM, JFrog, JPMorgan Chase, Meta, Microsoft, Morgan Stanley, Oracle, Red Hat, Snyk, Sonatype, VMware, and Wipro.

**About OpenSSF**

The Open Source Security Foundation (OpenSSF) is a cross-industry organization hosted by the Linux Foundation that brings together the industry’s most important open source security initiatives and the individuals and companies that support them. The OpenSSF is committed to collaboration and working both upstream and with existing communities to advance open source security for all. For more information, please visit us at: openssf.org.

**About the Linux Foundation**

Founded in 2000, the Linux Foundation and its projects are supported by more than 2,950 members. The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, Hyperledger, RISC-V, and more. The Linux Foundation’s methodology focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org.

Capital One Joins Open Source Security Foundation

The "0ktapus" cyberattackers set up a well-planned spear-phishing effort that affected at least 130 orgs beyond Twilio and Cloudflare, including Digital Ocean, DoorDash and Mailchimp.

_This post was updated at 12:30 ET on Aug. 26 to include information on DoorDash being compromised._

The hackers who social-engineered Twilio and Cloudflare employees earlier in August (and breached the former) also infiltrated more than 130 other organizations in the same campaign, vacuuming up nearly 10,000 sets of Okta and two-factor authentication (2FA) credentials.  

From there, they launched supply-chain attacks on downstream customers, resulting in firms like Digital Ocean and DoorDash becoming secondary victims.

That's according to an investigation from Group-IB, which found that several well-known organizations were among those targeted in a massive phishing campaign that it calls 0ktapus. The lures were simple, such as fake notifications that users needed to reset their passwords. They were sent via texts with links to static phishing sites mirroring the Okta authentication page of each specific organization.

"Despite using low-skill methods, \[the group\] was able to compromise a large number of well-known organizations," researchers said in a blog post today. "Furthermore, once the attackers compromised an organization, they were quickly able to pivot and launch subsequent supply chain attacks, indicating that the attack was planned carefully in advance."

Such was the case with the Twilio breach that occurred Aug. 4. The attackers were able to social-engineer several employees into handing over their Okta credentials used for single sign-on across the organization, allowing them to gain access to internal systems, applications, and customer data. The breach affected about 25 downstream organizations that use Twilio's phone verification and other services — including Signal, which issued a statement confirming that about 1,900 users could have had their phone numbers hijacked in the incident.  

The majority of the 130 companies targeted were SaaS and software companies in the US — unsurprising, given the supply chain nature of the attack.

For instance, additional victims in the campaign include email marketing firms Klaviyo and Mailchimp. In both cases, the crooks made off with names, addresses, emails, and phone numbers of their cryptocurrency-related customers, including for Mailchimp customer DigitalOcean (which subsequently dropped the provider). 

On Friday, DoorDash announced that it was a supply-chain victim, noting in a blog post, that the attackers obtained credentials from employees of a third-party vendor, which were then used to access DoorDash’s internal tools and systems. The adversaries then stole names, email addresses, delivery addresses and phone numbers of DoorDash customers and drivers, and some payment-card information was stolen.

In Cloudflare's case, some employees fell for the ruse, but the attack was thwarted thanks to the physical security keys issued to every employee that are required to access all internal applications.

Lior Yaari, CEO and co-founder of Grip Security, notes that the extent and cause of the breach beyond Group IB's findings are still unknown, so additional victims could come to light.

"Identifying all the users of a SaaS app is not always easy for a security team, especially those where users use their own logins and passwords," he warns. "Shadow SaaS discovery is not a simple problem, but there are solutions out there that can discover and reset user passwords for shadow SaaS.”

**Time to Rethink IAM?**

On the whole, the success of the campaign illustrates the trouble with relying on humans to detect social engineering, and the gaps in existing identity and access management (IAM) approaches.

"The attack demonstrates how fragile IAM is today and why the industry should think about removing the burden of logins and passwords from employees who are susceptible to social engineering and sophisticated phishing attack," Yaari says. "The best proactive remediation effort companies can make is to have users reset all their passwords, especially Okta."

The incident also points out that enterprises increasingly rely on their employees' access to mobile endpoints to be productive in the modern distributed workforce, creating a rich, new phishing ground for attackers like the 0ktapus actors, according to Richard Melick, director of threat reporting at Zimperium.

"From phishing to network threats, malicious applications to compromised devices, it's critical for enterprises to acknowledge that the mobile attack surface is the largest unprotected vector to their data and access," he wrote in an emailed statement.

Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack

Online Security autonomously blocks malicious URLs, extensions, ad trackers, and pop-ups 24/7, protecting consumers from complex and rapidly evolving cyber threats online.

**NEW YORK, Aug. 24, 2022 /PRNewswire/** — ReasonLabs, a leading cybersecurity company providing enterprise-grade protection to users worldwide, has launched its newest product, Online Browser Security. The product provides real-time, 24/7 protection against malicious URLs, phishing, harmful extensions, suspicious downloads, intrusive cookies and trackers, unauthorized notifications, and pop-ups. It is currently available worldwide as a free download.

Online Browser Security is seamlessly integrated with RAV Endpoint Protection, ReasonLabs' leading antivirus software built on a multilayered machine-learning engine, to keep personal data safe from security threats. Bringing all the elements of a next-generation antivirus solution to the web browser, the solution allows consumers to use the internet with confidence and peace of mind.

Powered by an autonomous protection engine, users can choose their own protection settings and let the endpoint protection do the work for them. It comes complete with a dashboard to stay informed regarding any identified and blocked online threats. Scheduled and user-initiated scans are also available at the touch of a button.

"Our mission at ReasonLabs is to provide every home user with the same degree of cybersecurity protection that large companies receive," said Kobi Kalif, ReasonLabs CEO. "In our connected world, everyone deserves the highest level of protection, and today, we have added another solution that will safeguard users in real-time, 24/7. As an additional layer to our security platform, RAV Online Security offers next-generation protection for all next-generation cyber threats."

Key features of RAV Browser Security include a malicious URL blocker, the ability to disable harmful extensions, and the blocking of suspicious cookies and ad trackers. The product also monitors all file downloads and comes equipped with an advanced threat scanner, and has notification control. These features can be easily managed through the easy-to-use RAV Online Security dashboard.

Optimizing users' online experience, Online Security is a key component of ReasonLabs' advanced breach prevention product suite, which also includes RAV EDR, RAV VPN, RAV Safer Web, and FamilyKeeper, its parental control solution.

About ReasonLabs:  
ReasonLabs is a global pioneer in cybersecurity detection and prevention. Powered by machine learning, ReasonLabs' cutting-edge technology is revolutionizing consumer-focused cybersecurity, bringing enterprise-grade protection into the homes of tens of millions of users worldwide. Its innovative engine scans over 2 billion files in 180 countries a day, delivering fast, comprehensive data while providing 24/7 real-time threat detection. Founded in 2016, ReasonLabs is based in New York and Tel Aviv.

**Learn more:** https://www.ReasonLabs.com  
**Follow us:** Blog | Twitter | Facebook | LinkedIn | Instagram | YouTube

  
SOURCE: ReasonLabs

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

ReasonLabs Launches Free Online Security Tool to Power Secure Web Experience for Millions of Global Users

As cryptocurrency valuations make strikes less lucrative, ransomware gangs like the new RedAlert and Monster groups are modifying their tools to attack across platforms.

Two emerging ransomware gangs, known as RedAlert and Monster, have adopted cross-platform capabilities to make attacks easier to execute against multiple operating systems and environments. It's a shining example of a snowballing trend toward multiplatform ransomware attacks, for which defenders need to gear up.

One of the new threat groups, referred to as RedAlert or N13V, creates executables in a Linux-specific version of C, and also supports VMware's enterprise-class ESXi hypervisor. The other threat group, Monster, uses an older cross-platform language, Delphi, which makes it easy to tailor the attack for a specific victim's configuration.

The ability to impact a variety of client operating systems within a single victim's environment started gaining steam in 2021, according to an advisory from Kaspersky published on Thursday. The Conti group, for example, allows affiliates to access a Linux variant of its ransomware, which also allows targeting of systems running VMware's ESXi hypervisor.

**Deploy Once, Affect Many**

There are several reasons for the trend: For one, it cuts down on labor. Attackers need only to write a certain program functionality once, and are then be able to use the resulting code to script the attacks against multiple targets, Kaspersky's advisory stated.

"We've gotten quite used to the ransomware groups deploying malware written in cross-platform language," Jornt van der Wiel, senior security researcher at Kaspersky's Global Research and Analysis Team, said in a statement. "These days, cybercriminals \[have\] learned to adjust their malicious code written in plain programming languages for joint attacks, making security specialists elaborate on ways to detect and prevent the ransomware attempts."

Other benefits to cross-platform attacks is the ability to hamper analysis, plus the ability to customize attacks to specific victim environments. Groups can use command lines to customize an attack to prevent code from running on ESXi environments, for instance — or conversely, to focus on certain kinds of client virtual machines.

"Recently, their goal is to damage as many systems as possible by adapting their malware code to several OS at the time," Kaspersky stated in its blog post on 2022 ransomware trends. "\[But\] there are a few other reasons to use a cross-platform language." 

Kaspersky also noted that ransomware gangs are getting better and better at adapting n-day exploits, which it dubbed "1-day" exploits, to multiplatform attacks. N-days refer to just-reported vulnerabilities that cybercriminals race to exploit before companies have time to patch them.

"\[Such broad functionality\] is something we usually see in commercial exploits," the company said, noting that one of the two exploits covered in its latest advisory was used "in the wild" during an attack on a large retailer in the Asia-Pacific region.

The move to cross-platform is borne out of necessity, researchers said. In the first half of 2022, as the value of cryptocurrencies plummeted, ransomware attacks declined, with cybersecurity firm Arctic Wolf reporting a drop of about a quarter. While the trend did not hold for other cybercrimes, such as investment scams and business email compromises, the headwinds for ransomware groups meant that threat actors have had to find ways to increase their success.

**Rust and GoLang Gain Steam for Ransomware Coding**

A common way that groups have tackled the process of adding cross-platform capabilities is to write the code in a language that supports other platforms, such as Rust or Golang, Kaspersky noted in its Aug. 24 advisory.   

The BlackCat ransomware program, for instance, is written in Rust, a successor to C, which has gained traction because of its improved security features. 

"Due to Rust cross-compilation capabilities, it did not take \[a\] long time for us to find BlackCat samples that work on Linux as well," Kaspersky said in the advisory. "The Linux sample of BlackCat is very similar to the Windows one."

Ransomware written in Rust and Go also make analysis harder for malware researchers, since tools to analyze those languages are not as sophisticated as analyzing programs written in the common C programming language, Kaspersky noted.

More Bang for the Buck: Cross-Platform Ransomware Is the Next Problem

Following whistleblower complaint, Oregon senator renews commitment to passing bipartisan legislation to address the national security risks.

**Washington, D.C.**, **Aug. 24** — Sen. Ron Wyden, D-Ore., issued the following statement following a complaint this week by a former Twitter employee that alleged widespread poor privacy and security practices at the social media company:

"The best time to encrypt users' DMs was 5 years ago. The second-best time is today, after reports that thousands of Twitter employees may have access to those conversations.

"I personally urged Jack Dorsey to secure users' private conversations with strong, end-to-end encryption years ago, to ensure Americans couldn't be targeted by criminals, predators and spies. And I renewed that call over, and over again. Unfortunately, I and other advocates were right to be concerned. For the same reason, Apple should end-to-end encrypt iCloud data and secure it against unwanted access. I am also deeply troubled by accusations that foreign companies and governments may have had access to Americans' private data. I've introduced bipartisan legislation to address the national security risks of foreign companies getting our data, and remain deeply committed to passing it in light of these new accusations."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Wyden Renews Call to Encrypt Twitter DMs, Secure Americans' Data From Unfriendly Foreign Governments

The Forte Group, which gained momentum as an informal organization during the pandemic, will offer career development and advocacy for women execs in cybersecurity as well as newcomers.

At the start of the pandemic two years ago, a group of high-level female cybersecurity executives informally began meeting remotely to share ideas, expertise, and professional support. That group of women execs — now with 90 members — today launched as a nonprofit called The Forte Group to officially offer career assistance, advocacy, mentoring, and educational programs for women in the infosec and technology fields.

The Forte Group includes CISOs from large enterprises such as Johnson & Johnson and Wayfair, and leaders from technology giants like Microsoft, as well as cybersecurity business leaders. 

What started as an "offset" in the pandemic grew into a community, says Didi Dayton, chair and president of the newly formed Forte board.

"The opportunity for cybersecurity practitioners to connect regularly with peers has bolstered that community, and we have seen an evolving network effect by members amplifying: sharing speaking opportunities, surfacing hot topics \[such as\] emerging tech, ransomware, hiring strategies, celebrating personal and professional wins, and finding peer mentors and a social network to have meaningful connections with," Dayton explains.

**"When Things Get Tough"**

The virtual forum that the Forte Group initially created provided a way for them to efficiently meet and collaborate on specific topics as well, she says. "Forte members share ideas and resources, and ground one another when things get tough — which for our CISOs is often, unfortunately," she says. For example, the group earlier this year held a town hall to share ideas and expertise on managing software bills of management (SBOMs).

"We have hosted world-renowned speakers to talk about everything from high-stakes negotiation tactics, global policy, personal branding, insurance, board prep ... to other curated topics for this audience," Dayton says.

The group's nonprofit status gives it room to raise funding for more formalized programs in career development and education for women in the industry, as well as scholarships for newcomers. "We're already in talks with corporate sponsors who align with our mission of developing and further careers for a diverse workforce in cybersecurity," says Zenobia Godschalk, vice president of The Forte Group. "In addition, some of our members are eager to contribute or redirect their speaker fees and other professional fees they receive towards Forte’s efforts."

**Other Groups**

Of course, The Forte Group is not the only organization for women in cybersecurity. Groups such as the Executive Women's Forum, Women in CyberSecurity (WiCys), the Diana Initiative, Women's Society of Cyberjutsu (WSC), and others have been active for several years. But Godschalk says the new nonprofit will provide yet another resource for women in cybersecurity. 

"We know there is a lot of overlap in our membership with other groups in this space, and that's a wonderful thing," she says. "While some focus on just career development, and others focus on just privacy, for example, we believe there's room and need for a welcoming umbrella where women in this industry can find a resource for just about anything they're up against in their careers — whether that's how to negotiate an equity offer for comp or investment, how to navigate ransomware best practices, or how to join your first board."

In addition to Dayton and Godschalk, The Forte Group's board of directors includes Flora Garcia (secretary), global privacy and data protection office leader at Wayfair; Caroline Wong (treasurer), chief strategy officer at Cobalt; Swathi Joshi (member), vice president of SaaS cloud security at Oracle; Yael Nagler, Office of the CISO at Yass Partners; and Chenxi Wang (member), managing general partner at Rain Capital.

The Forte Group's roots date back to the so-called "Equal Respect" movement at the RSA Conference in 2014. Other members of The Forte Group include Aanchal Gupta, corporate vice president of Azure and M365 Security at Microsoft; Marene Allison, CISO of J&J; and Marnie Wilking, CISO at Wayfair.

Senior-Level Women Leaders in Cybersecurity Form New Nonprofit

Venture firm hires former Splunk CEO to spearhead new GTM advisory board and help portfolio companies scale up.

**JERUSALEM – Aug. 24, 2022 —** Cyberstarts, a venture capital firm focused on building next-generation cyber companies, today announced the closing of Cyberstarts Seed Fund III with $60 million committed capital to invest in early-stage cybersecurity companies. This fund was raised only a few months after the firm raised $200 million for a new opportunity fund in February 2022, bringing total assets under management to $374 million. In addition, Cyberstarts announced the appointment of Doug Merritt, former President and CEO of Splunk, to chair Sunpeak, its new go-to-market (GTM) advisory board. Sunpeak will provide Cyberstarts' portfolio companies with hands-on guidance from world-renowned technology leaders on scaling GTM strategy and creating repeatable sales cycles to ensure early success. The addition of this community is a natural next step in the firm's mission to build the world's most important cybersecurity companies.

Since its inception in 2018, Cyberstarts has formed one of the world's most successful venture capital firms focused on funding, launching and supporting early stage cybersecurity companies and entrepreneurs. With its unique entrepreneur-backed model, Cyberstarts' investors and limited partners (LPs) are comprised of the industry's most prominent leaders including Shlomo Kramer of Cato Networks, Imperva and Check Point, Marius Nacht of Check Point, Nir Zuk from Palo Alto Networks, Udi Mokady from CyberArk, Nir Polak of Exabeam, and Michael Shaulov of Fireblocks, to name a few. These investors provide strategic counsel to portfolio companies and entrepreneurs from guidance on product-market fit to talent recruitment and everything in between.

Doug Merritt joins Cyberstarts as Chair of Sunpeak, the firm's new GTM advisory board to help portfolio companies scale up their business. In this role, Merritt will work with Cyberstarts to recruit some of the nation's top GTM experts composed of CEOs, CROs, CMOs, and VPs of Sales to design a measurable, KPI-driven approach to advising, nurturing, and scaling early stage portfolio companies. Prior to Cyberstarts, Merritt served as President and CEO of Splunk and also held senior leadership roles at large enterprise companies including Cisco, SAP, and PeopleSoft.

"Building the world's most important cybersecurity companies requires more than capital — it requires a methodical and holistic investment model from day one by investing in the right talent and supporting them across every business function, from initiation to product-market fit and beyond," said Lior Simon, General Partner of Cyberstarts. "We take a unique approach to mentoring our portfolio companies via our Sunrise, and now, Sunpeak communities. Doug brings unparalleled experience in executing go-to-market strategy and will be key to helping our portfolio accelerate business potential, while minimizing risk."

"I'm very impressed by the success Cyberstarts and its portfolio has experienced in such a short period of time," said Doug Merritt, Chair of the GTM advisory board at Cyberstarts. "I'm excited to work with the team to build the Sunpeak community with top GTM leaders from across the globe and help the next generation of cybersecurity entrepreneurs scale their businesses rapidly and strategically."

Cyberstarts' first fund showed a weighted annual return to investors of 300% and its portfolio companies raised a total of $2 billion in 2021, with a combined valuation of $20 billion, from firms including Sequoia, Greylock, Lightspeed, Index, Insight, Accel, General Atlantic, and many more.

"Most of the entrepreneurs we have partnered with grow into significant businesses over a short period of time because we invest in people, not ideas. In fact, sometimes our portfolio companies don't even have the 'idea' prior to investment," said Gili Raanan, founder of Cyberstarts. "We have created a highly differentiated vehicle, dubbed Sunrise, that relies on communities of experienced cybersecurity entrepreneurs and forward-thinking CISOs and CIOs to drive the creation of the most influential cybersecurity companies in the world. I'm excited to have Doug Merritt join our team to help create the cybersecurity textbook for optimizing go-to-market strategy as chair of our Sunpeak advisory board. The addition of this new community is a natural next step in our mission to build the world's most important cyber companies."

Cyberstarts is managed by Lior Simon and Gili Raanan. The small team also includes Jason Clark, chair of the CISO advisory board, Curtis Simpson, who heads the product-market fit activities with portfolio companies, and Doug Merritt, chair of the GTM advisory board.

**About Cyberstarts**

Founded in 2018 by Gili Raanan, and managed by Lior Simon and Gili, Cyberstarts operates a laser-focused seed line of business, nurturing cybersecurity entrepreneurs and helping to shape companies from product ideation to product-market fit and beyond. Cyberstarts funds Israeli, early-stage cybersecurity organizations, and is the only venture capital firm primarily funded by the industry's most successful cybersecurity founders. Cyberstarts' seed investments include Fireblocks, Wiz, Transmit, Island, Noname Security, and many others, including some still operating in stealth mode. For more information, please visit https://cyberstarts.com/.

Source

DARKReading