HackerOne Assets combines ASM with insights from security experts to protect known and unknown digital assets.

SAN FRANCISCO, October 13, 2022: HackerOne, the leader in Attack Resistance Management, today announced the general availability of its HackerOne Assets product. Assets combines the core capabilities of Attack Surface Management (ASM) with the expertise and reconnaissance skills of ethical hackers to bring visibility, tracking, and risk prioritization to an organization's digital asset landscape. Research from ESG revealed that 69% of organizations have experienced a cyberattack through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. Assets form a key part of HackerOne’s Attack Resistance Management portfolio that aims to discover unknown assets and vulnerabilities and close organizations’ security gaps.

With Assets, customers can manage both the discovery and testing of assets in a single platform. The solution blends security expertise with asset discovery, continuous assessment, and process improvements to reduce risk. HackerOne’s community of ethical hackers enrich the asset and scan data and analyze it themselves, ensuring that newly found assets are tested for risk and mapped according to their metadata. Once the assets have been identified and ranked for risk, security teams can use these insights to initiate pentests on newly discovered assets and add assets to their bug bounty scope.

“HackerOne Assets solves for the inefficiencies in traditional ASM scanning” explained Ashish Warty, SVP of Engineering at HackerOne. “It’s impossible for security teams to see their entire attack surface, while cloud transformation, agile product cycles, and mergers and acquisitions keep the threat landscape growing. By combining attack surface management with the creative power of the ethical hacking community, Assets reduces manual work, increases the accuracy of scanning results, and speeds up time to remediation by prioritizing based on real world risk.”

“Having in-depth visibility of our attack surface is a core part of our security strategy,” said Roy Davis, Lead Security Engineer at Zoom. “With HackerOne Assets and the insights it brings from the hacking community, our security team has been able to effectively prioritize those areas of our attack surface that need the most attention, helping us address security gaps faster.”

HackerOne has already been running an early access program with selected enterprise customers, helping to gain critical insights into customers’ ASM drivers and investigating how to leverage the hacking community as an ASM force multiplier. With this general launch, HackerOne continues to augment its Attack Resistance Management Platform, which includes Asset Inventory, OpenASM and Assets API, Automated and Hacker-led Discovery, Continuous Scanning and Monitoring, Risk Ranking, and Attack Surface Coverage.

To learn more about how the Attack Management approach can close security gaps, visit: HackerOne.com

ABOUT HACKERONE

HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include The U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo. In 2021, HackerOne was named as a ‘brand that matters’ by Fast Company.

Newly Introduced HackerOne Assets Goes Beyond Attack Surface Management To Close Security Gaps

Distrust and verify, because you can't protect what you can't see.

Even before the Biden administration announced US federal agencies and contractors must adopt new zero-trust cybersecurity standards, many enterprise-level companies had already begun their journeys toward zero-trust architecture (ZTA) adoption.

According to a recent survey conducted by Forrester, 78% of global security leaders said they plan to bolster zero-trust operations this year, though only 6% said they have fully implemented their zero-trust projects. These organizations recognize that networks today can be local, reach into the cloud, or extend anywhere remote workers are — which limits the effectiveness of traditional defenses.

In dealing with direct attacks such as the recent Log4j vulnerability, indirect attacks such as phishing with malware, and internal lateral movement, traditional perimeter-based network access control has proven insufficient in detecting, much less preventing, compromise. Zero trust — based on the concept that users must be authenticated and continuously validated to be granted access to applications and data — is much more effective because it protects resources rather than network segments.

But successful execution is more like a journey than a switch that can be flipped on. It requires various technologies working together — including multifactor authentication, endpoint security, and identity protection — with full zero-trust adoption becoming an ongoing process of enhancements, refinements, and policy adjustments.

There's an old adage that became well known during the Cold War: "Trust, but verify." More of each is needed in today's highly distributed world, where networked environments are dynamic and network infrastructure, services, users, and more can rapidly change. Organizations cannot blindly assume their zero-trust architecture (ZTA) is always functioning as intended. Organizations need to actively distrust _and_ verify as they refine their network infrastructure, services, and operational policies. Thankfully, continuous deep packet monitoring provides the independent intelligence necessary to improve policy enforcement decisions.

**The Role of Deep Packet Monitoring**

In the Zero Trust Maturity Model laid out by the Cybersecurity and Infrastructure Security Agency (CISA), five distinct pillars reflect how advanced an organization is in its zero-trust implementation. Cutting across these pillars are guidelines for visibility and analytics, automation and orchestration, and governance — suggesting the need for cross-pillar collaboration, integration, and management for more mature ZTAs.

In traditional, non-zero-trust deployments, packet monitoring at the perimeter and occasionally in sensitive areas of the internal network provides the foundation for network visibility and analytics. But as an organization's ZTA matures, traditional perimeters blur or even vanish altogether. North-south traffic will always need to be seen and controlled, but equally as importantly, east-west traffic must be seen and controlled to detect and prevent lateral or deeper compromise in the environment. To achieve zero-trust maturity, pervasive network visibility of the entire network through deep packet monitoring is required.

Packets are the best source of high-fidelity network data available, especially for organizations further along in their digital transformation journeys toward greater public or hybrid cloud use. In these environments, organizations often lose a degree of visibility compared with traditional data centers, and traditional cybersecurity safeguards like endpoint defenses may not even come into play. Packet data transcends the limitations of distributed infrastructure to help verify performance and policy compliance in near real time, offering a single source of truth that can be analyzed months or even years later.

While networking teams have traditionally used packet monitoring to analyze networks, manage traffic, and identify performance issues, the data that packets provide to security teams can be just as invaluable for threat detection and investigations. Packet data allows security teams to trace communications between interconnected devices and historical trends, for example, and can assist in orchestrating mitigation between management and enforcement tools through APIs. It also fills in visibility and data gaps left by other cybersecurity tools (e.g., security information, event management, and endpoint detection), making those tools and existing cybersecurity staff more effective. Finally, organizations can use packet monitoring to classify networks, servers, and services based on risk, allowing for very rapid and concise verification of ZTA.

In summary, enterprises just beginning their zero-trust journeys will require refinements to their architectures as they mature. Their solutions will increasingly rely on automated processes and systems, with greater integration across pillars and more dynamic policy enforcement decisions. For these systems to remain successful, continuous validation of zero-trust designs and enforcement boundaries is required, and deep packet monitoring offers the most comprehensive level of visibility available to verify their effectiveness.

At the end of the day, zero trust is a philosophy. To buy in completely, nothing can be taken for granted. Even organizations with more mature zero-trust implementations must continually verify their adherence with constant, pervasive network visibility. After all, you can't protect what you can't see, and what you can't see, you shouldn't trust.

Comprehensive Network Visibility Is Imperative for Zero-Trust Maturity

A timing attack helps cyberattackers lob malicious code-bombs at corporate targets by cloning private package names.

A novel timing attack has emerged for targeting private corporate software packages hosted in the npm code repository. The goal is to uncover the legitimate offerings and then create malicious public packages using the same names in order to trick employees into downloading the doppelganger blocks.

Internal developer projects typically use standard, trusted code dependencies that are housed in private repositories on npm and elsewhere. The idea is to avoid software supply chain attacks and other code dependency issues, and to protect sensitive internal developer code. As such, if they can be hijacked or weaponized, they provide an attractive avenue for cybercriminals looking to crack corporate networks and exfiltrating sensitive information.

**Code Dependency Confusion Rides Again**

Last year, researcher Alex Birsan pioneered what's known as the code dependency confusion attack, using benign proof-of-concept (PoC) code blocks to target internal apps at Amazon, Lyft, Slack, and Zillow, among others. He created "copycat" packages to be housed instead in public repositories like npm, with the same names as the private legitimate code dependencies. What ensued was that internal projects began defaulting to importing the new public packages instead of the private ones.

The PoC demonstrated how outside code can be imported and propagated through a targeted company’s internal applications and systems, with relative ease — including at Apple, Microsoft, Netflix, PayPal, Shopify, Tesla, and Uber. Unsurprisingly, it didn't take long for malicious actors to replicate the attack pattern.

One way to defend against these kinds of attacks is to keep the package names secret so they can't be cloned. But according to Aqua Security’s Nautilus research team, it's possible to reveal private packages names by using a glitch in npm's registry API.

**A New Type of Timing Attack**

Npm's registry API allows users to check for the existence of packages, download them, and receive information about them. If a user searches for a private package or one that doesn't exist, the website throws a 404 HTTP error message in both cases. However, there's a difference in the amount of time it takes to return that error page: The average response time to 404 a private package is 648 milliseconds, while the average time when a package doesn't exist at all is just 101 milliseconds.

"If a threat actor sends around five consecutive requests for information about a private package and then analyzes the time taken for npm to reply, it is possible for them to determine whether the private package in fact exists," Nautilus researchers said in an Oct. 13 blog post.

There are a few methods that could be used to create a list of private package names to test with the timing attack, according to the research. These include:

*   Guess the names of the private packages by performing a dictionary attack using the patterns found in the nomenclature of the organizations' public packages.
*   Use online public data sets (such as libraries.io) access historic information about public packages that were deleted — these may have been converted to private packages.

The researchers reported the issue to npm owner GitHub's bug bounty program, getting this response: “Because of these architectural limitations, we cannot prevent timing attacks from determining whether a specific private package exists on npm.”

To protect themselves, the researchers said, corporations should be actively looking for typosquatting, lookalikes, or copycat packages, and verifying that there are no other packages with the same name as internal private packages being hosted in repositories.

Novel npm Timing Attack Allows Corporate Targeting

The comprehensive, multiplatform framework comes loaded with weapons, and it is likely another effort by a China-based threat group to develop an alternative to Cobalt Strike and Sliver.

Researchers have uncovered a potentially dangerous cyberattack framework targeting Windows, Linux, and Mac systems that they assess is likely already being used in the wild.

The framework consists of a new, stand-alone, command-and-control (C2) tool dubbed "Alchimist," a previously unseen remote access Trojan (RAT) called "Insekt," and several bespoke tools like a custom backdoor and malware for exploiting vulnerabilities in macOS. It also includes reverse proxies and several dual-use tools such as netcat, psexec, and an intranet-scanning tool called fscan.

"Alchimist is a new C2 framework that can be rapidly deployed and operated with relatively low technical expertise by a threat actor," says Nick Biasini, head of outreach at Cisco Talos.

**A Cobalt Strike Alternative?**

Researchers from Cisco Talos who discovered the attack framework described Alchimist as another example of threat actors trying to develop alternatives to popular post-exploit tools such as Cobalt Strike and, more recently, Sliver. 

"The emergence of such frameworks in the wild suggests that threat actors are actively trying to develop alternative solutions to popular attack frameworks ... whose increasing popularity has led to rigorous detection efforts," Biasini says. 

In a blog post on Oct. 13, Cisco Talos described Alchimist as a 64-bit Linux executable written in GoLang with a Web interface written in Simplified Chinese, the official written script for mainland China. The Insekt RAT, Alchimist's primary implant, is also implemented in GoLang. The malware features several remotely accessible capabilities that allow it to be customized via the C2 server.

"\[Alchimist\] can generate a configured payload, establish remote sessions, deploy payloads to the remote machines, capture screenshots, perform remote shellcode execution and run arbitrary commands," the report noted. Giving it those capabilities are a variety of malware tools, including a Mach-0 backdoor for macOS and a separate macOS malware dropper that exploits a known vulnerability in a root program associated with major Linux distributions (CVE-2021-4034).

Of note, the Insekt RAT implants that Alchimist generates features a wide range of capabilities that essentially makes it a Swiss Army knife for the attackers on the infected system, Biasini says.

A campaign utilizing the attack framework has been active since at least January. 

"Although Talos does not have information on the precise targeting intended in this campaign, the intention of the attacks is to compromise and establish long-term access into victim environments," Biasini says.

**Stand-Alone Frameworks**

Cisco Talos has compared the Alchimist framework with another attack framework it discovered recently, dubbed Manjusaka. In a report in August, the company described Manjusaka as a Chinese sibling of Cobalt Strike and Sliver that a threat actor was actively using in a campaign involving COVID-19 and China-themed lure documents.

Both Alchimist and Manjusaka are stand-alone, single-file-based C2 frameworks with similar design philosophies but different implementations. Both come ready to use with no installation required, and both can patch and generate implants such as the Insekt RAT on the fly, Cisco Talos said.

One feature of the new C2 that the company highlighted as being notable is its ability to generate PowerShell and wget code snippets for Windows and Linux.

The snippets give threat actors the ability to create an infection vector for Insekt RAT without having to author custom code or utilize additional tools, Biasini says. Attackers can simply add the PowerShell/wget code to a delivery vector such as a malicious document's VBA Macro or to a malicious shortcut file and then distribute it to victims for infection. 

"This offering may be an attempt by the authors to provide bonus features in the C2 framework and make it more enticing to threat actors," he notes.

Feature-Rich 'Alchimist' Cyberattack Framework Targets Windows, Mac, Linux Environments

Company enables organizations to mark endpoint performance and take immediate action to mitigate risk.

KIRKLAND, Wash., Oct. 13, 2022 – Tanium, the industry’s only provider of converged endpoint management (XEM), today announced the launch of Tanium Benchmark, an industry-first solution that delivers real-time, holistic assessments of the security and operational risks associated with connected endpoints, empowering teams to prioritize efforts, collaborate effectively, and take risk-mitigation action while reducing IT costs and complexity.

Benchmark, powered by the Tanium XEM platform, determines real-time risk scores by analyzing up-to-date, comprehensive data from millions of endpoints across Tanium’s global customer base. Benchmark compares a customer’s endpoint metrics against their industry peers to establish a baseline for ongoing measurement and evaluation. Benchmark also enables IT operations, risk, and security teams to provide corporate board members and executive leadership with just-in-time data to make more informed decisions.

“A near-real-time risk score with comprehensive visibility into the state of endpoints enables executives to better understand the impact of cyberattacks on business outcomes,” said Phil Harris, research director in the Cybersecurity Risk Management Services practice at IDC. “Decision makers can prioritize severe vulnerabilities and response to breaches much nor quickly to reduce the attack surface radically.”

Customer IT and operations teams can utilize Tanium Benchmark findings to manage and track the current state of endpoints and mitigate risk proactively based on more than 20 different metrics including vulnerability, outstanding patches, and lateral movement risk.

“Without accurate real-time data, you are flying blind and unable to make the best decisions from a security and risk perspective,” said Tanium Chief Product Officer Nic Surpatanu. “Tanium Benchmark is a game-changer with its unprecedented insight that instantly assesses the very heart of your most important functions—IT, Risk, and Compliance—and delivers the ability to compare and contrast scores with similar organizations, bringing unique clarity to what is working and where there are areas for improvement. Benchmark enables you to make accurate and effective decisions on where to invest to improve your risk posture.”

Get your no-cost risk assessment now to experience the peace of mind that Tanium Benchmark delivers and make the most of your technology investments.

About Tanium  
Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium protects every team, endpoint, and workflow from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for seven consecutive years and ranks on Fortune’s list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere. That’s the power of certainty. Visit www.tanium.com and follow us on LinkedIn and Twitter.

Tanium Benchmark Sets New Standard for Tracking and Improving Security and Operational Metrics

The QAKBOT group has successfully ramped up its operations, infecting systems, installing attack frameworks, and selling access to other groups, including Black Basta.

The QAKBOT malware group resumed expanding its access-as-a-service network in early September, successfully compromising hundreds of companies with common second-stage payloads, including Emotet malware and two popular attack platforms, threat researchers said this week.

In the most recent incident, cybersecurity firm Trend Micro observed QAKBOT-infected systems deploying Brute Ratel, an "adversary emulation" platform used by penetration testers, but also — along with Cobalt Strike — used by cybercriminals for its sophisticated capabilities. Another group, known as Black Basta, is likely responsible for the subsequent attacker activity using the two platforms, Trend Micro said.

Black Basta's use of the QAKBOT, also known as QBot or Pinkslipbot, highlights how cybercriminal groups are specializing in particular attack-chain activities, says Jon Clay, vice president of threat intelligence for Trend Micro.

"QBot appears to have improved their offering as they have to compete with other groups selling similar services in the underground — BlackBasta is one such group that feels their tool set works for them," he says. "They continue to update their code and malware to enhance obfuscation and ability to successfully compromise victims."

After QAKBOT infects a system, the attack tools conducts automated reconnaissance and then downloads and installs Brute Ratel, which is then used by Black Basta to move laterally to other systems in the network and execute payloads, according to Trend Micro's report.

Other security firms have also noted that cybercriminal groups have increasingly focused on specific elements of the attack chain. While QAKBOT started out as a banking trojan, different groups have augmented its capabilities with additional modules, according to the NCC Group, a threat intelligence firm.

"QBot is considered a banking Trojan, but thanks to its modular design, it can also act as an infostealer, a backdoor — with its _backconnect_ module — and a downloader," the Global Threat Intelligence Team at NCC Group said in response to questions from Dark Reading, adding: "After the takedown attempt on Emotet and the recent pause of its operation, QBot and Bokbot had been sharing the market."

The approach has garnered success for the group. In a separate report, threat researchers at cybersecurity firm Kaspersky said that QAKBOT had infected at least 1,800 victims, at least half of which are business systems or workers' computers.

Black Basta is just one of the groups that have either use a QAKBOT service or distribute the malware themselves. The Black Basta group first appeared in April, conducting double extortion operations in which the attacker installs ransomware and steals data to put pressure on the business to pay the ransom. The group is likely made up of member of the Conti gang, which dissolved in May, but whose members continue to be a threat.

**Brute Ratel in the QAKBOT Mix**  
In May, a malicious file linked to the attack tool, Brute Ratel, was uploaded to VirusTotal, a common way to check whether current anti-malware scanners can detect a new variant. None of the 56 scanners detect that the file contained malicious code, Mike Harbison and Peter Renals, two threat researchers at network security firm Palo Alto Networks, wrote in an analysis of Brute Ratel in July.

The attack likely came from a Russian group known as APT29 and poses issues for companies, the researchers stated.

"While \[Brute Ratel C4\] has managed to stay out of the spotlight and remains less commonly known than its Cobalt Strike brethren, it is no less sophisticated," Harbison and Renals wrote. "Instead, this tool is uniquely dangerous in that it was specifically designed to avoid detection by endpoint detection and response (EDR) and antivirus (AV) capabilities."

Trend Micro concurred with Palo Alto Networks that, while Cobalt Strike is a well-known payload used by many cybercriminals, more attackers are starting to use Brute Ratel for extending their compromise and delivering payloads, especially after stolen code and leaked licenses have made pirated copies of the software available.

Obscurity helps the program be successful, Trend Micro stated in its analysis.

"This makes Brute Ratel and other less established C2 frameworks an increasingly more attractive option for malicious actors, whose activities may remain undetected for a longer period," the company stated.

Since the current QAKBOT group extensively uses spam, targeted emails, and compromising email threads as a way to distribute the initial links and malware, Trend Micro recommends that users follow email security best practices, such as verifying the email sender and content before downloading attachments and hovering over embedded links to see the actual target URL. Security-awareness training is important part of raising the level needed to infect a company.

QAKBOT Attacks Spike Amid Concerning Cybercriminal Collaborations

This legacy of corporations' appetite for data is not worth the risk, leaders say, emphasizing the need to find, secure and redact records

CHICAGO and NEW YORK, Oct. 6, 2022 -- Dark data represents the biggest potential cybersecurity exposure for U.S. and U.K. businesses, according to a special cybersecurity edition of the DealMaker Meter report, "Understanding Risk: The Dark Side of Data," from Donnelley Financial Solutions (NYSE: DFIN), a leading risk and compliance company. Defined as data that a company has collected but no longer needs — ranging from outdated customer information to old employee records — dark data is often forgotten and unprotected by corporations, creating substantial liabilities as well as tempting targets for cyber criminals.

The rise in dark data has accompanied corporations' increased interest in accumulating a wide variety of data sets (often called Big Data), which can be used to improve marketing, product development, customer service and a host of other activities. Dark data can be unstructured, sensitive, personal, regulated, vulnerable or high-risk information an organization has collected and stored over time.

Nearly seven of 10 enterprise leaders surveyed said data storage presents more risk than value. But while 33 percent of senior leaders and IT personnel are aware of the risks of dark data, 18 percent of others within organizations are less knowledgeable.

In addition to worrying about managing dark data, 96 percent of executives are concerned about data fraud and 95 percent are worried data breach incidents will increase over the next two years. Rightfully so, given more than half have experienced an incident this year and others indicated they had more than five data breaches and/or data fraud incidents this past year.

One key takeaway from the report is that IT departments should deploy technologies to better find, secure and redact dark data.

Other key findings include:

*   Preparing for Tomorrow: Company leaders are focused on improving how their companies protect sensitive data, with 77 percent enacting new policies and processes, 72 percent increasing reporting measures and 75 percent investing in partners and software and solutions. 

*   Technology First: To enhance protection, more than 83 percent indicated they would choose new technology tools over adding more team members, the choice of just 17 percent.

Containing insights from a blue-ribbon panel of finance, legal, HR and IT professionals at large public and private companies in the U.S. and U.K., the special fall edition of the DealMaker Meter is an online tool that provides a snapshot of cybersecurity and dark data concerns. It is designed to help business decision-makers better understand key topics impacting their industry and the world around them.

"This report shows that the appetite for Big Data within corporations has a cost," said Dannie Combs, Chief Information Security Officer at DFIN. "Our clients are increasingly turning to us to help mitigate the risks associated with dark data. We are seeing an influx of requests from companies to leverage virtual data rooms as corporate repositories to store, secure and manage data across departments including finance, legal, HR and R&D. Our Data Protect software is used globally by clients to cost-effectively find and redact dark data across disparate IT systems."

This special fall edition of the DealMaker Meter, "Understanding Risk: The Dark Side of Data," is available for download on the DFIN website here.

**About Donnelley Financial Solutions (DFIN)**

DFIN is a leading global risk and compliance solutions company. We provide domain expertise, enterprise software and data analytics for every stage of our clients' business and investment lifecycles. Markets fluctuate, regulations evolve, technology advances, and through it all, DFIN delivers confidence with the right solutions in moments that matter. Learn about DFIN's end-to-end risk and compliance solutions online at DFINsolutions.com or you can also follow us on Twitter @DFINSolutions or on LinkedIn.

DFIN DealMaker Meter: Surge in 'Dark Data' Represents Growing Danger for Corporations

SAS and Neterium partnered to deliver Neterium’s next-gen screening capabilities on SAS’ analytics platform.

Cary, NC (Oct 10, 2022) The volume, velocity and complexity of today’s sanctions screening landscape require extraordinary vigilance, backed by best-of-breed analytics and data orchestration that empower always-on monitoring and immediate action. To meet these modern-day thresholds, Paris-based Orange Bank teamed with SAS and Neterium to achieve real-time sanctions screening in the cloud.

“Our newly deployed AML-CTF platform, powered by SAS and Neterium, is already proving to be a game-changer,” said Veronique McCarroll, Deputy CEO of Orange Bank.

Ever committed to staying at the forefront of banking innovation, Orange Bank began contemplating new sanctions screening tools in 2021. Going real-time would enable its compliance team to bolster the French bank’s anti-money laundering (AML) and counter-terrorist financing (CTF) guardrails. The bank also aimed to streamline the varied tools used and managed by its analysts. It relied on SAS to deliver on its vision.

Achieving next-gen sanctions screening

“As we considered complementing technologies that would help Orange Bank achieve the agility and responsiveness it required, Neterium was an immediate standout,” said Stu Bradley, Senior Vice President of Fraud and Security Intelligence at SAS. “SAS chose to partner with Neterium to provide the real-time sanctions screening engine because of the efficiency, effectiveness and scalability of its solutions, and also for the explainability of its AI-driven decisioning.”

Over a period of nine months, SAS and Neterium collaborated to align Neterium’s cloud-native real-time “watchlist screening-as-a-service” with SAS® Visual Investigator. Neterium’s dual API-based offerings, Jetscan and Jetflow, operate seamlessly on the SAS platform. The potent synthesis gives Orange Bank automated entity and transaction screening against major government and global watchlists as well as politically exposed persons (PEP) lists.

“Built-in AI and advanced screening technologies improve detection relevance and allow our analysts to monitor a holistic, real-time view of AML risk,” said McCarroll. “I’m confident this implementation will sustainably increase our team’s efficiency and effectiveness – and, likewise, that we leverage the best technology partners to continually enhance our integrated compliance platform.”

“By focusing exclusively on developing infinitely scalable screening capabilities delivered through an API, Neterium has mastered the nuances and complexities of what is perhaps the most confounding facet of financial crimes compliance,” said Florence Vicentini, Chief Commercial Officer and Head of Partnerships at Neterium. “The depth and breadth of SAS’ financial crimes compliance platform is similarly unmatched in the market, which makes the connecting of our technologies and capabilities for Orange Bank a formidable mix.”

“The world’s volatile geopolitical landscape is fraught with risks that demand a real-time view of entities and transactions in the context of ever-expanding sanctions watchlists,” added SAS’ Bradley. “Achieving real-time sanctions screening will help Orange Bank address their compliance challenges through reduced false positives, enhanced performance and improved operational efficiency.”

Today’s announcement was made during Sibos 2022, the world’s global, premier financial services event, convening in Amsterdam, Oct. 10-13. Attendees are invited to engage with SAS experts on sanctions screening and other topics throughout the conference at Sibos Booth B115.

About SAS

SAS is the leader in analytics. Through innovative software and services, SAS empowers and inspires customers around the world to transform data into intelligence. SAS gives you THE POWER TO KNOW.

Orange Bank Deploys Real-Time Sanctions Screening with SAS and Neterium

SaaS security platform promises to track down shadow IT, map supply chain risk, and "nudge" employees to work securely.

After months of speculation and input from security, compliance, and IT operations professionals, Nudge Security has launched its new software-as-a-service (SaaS) platform with the promise of making the increasingly weighty lift of enterprise IT teams lighter. 

Nudge received $7 million in seed money in April to develop what co-founders Russell Spitler and Jamie Blasco told Dark Reading at the time would be a cloud product developed in coordination with psychologists to help end users at critical decision points and avoid security risks and mistakes. 

Now Nudge — which officially emerged from stealth mode today — is offering a free two-week trial for its tool, which the company says will automatically discover shadow IT assets, map digital supply chain risk, and automate security tasks. 

The tool gives end users automated "nudges" to guide them to make secure decisions. 

"Not only do security nudges reduce the burden on IT, security, and compliance teams, but they also give your employees the opportunity to practice good security habits in practical, real-world scenarios — not just during hypothetical training sessions," the company said in an announcement about the Nudge launch. "Simply connect it, go make a sandwich, and then see what you’ve been missing." 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Nudge Security Launches Platform With Humans in Mind

Ransomware attacks are on the rise, but organizations also have access to advanced tools and technologies they can use to fight back.

Ransomware is a hot topic. No industry is immune, and the ransomware gangs behind these attacks are making a lot of money with minimal risk of being caught. However, every industry has increasing access to the advanced tools and technologies needed to fight back.

In the past few years, ransomware attacks have evolved to include crippling, networkwide attacks using multiple extortion methods to target both your data and reputation, all enabled by human intelligence. This has led to ransomware operators driving their profits to unprecedented levels, with predictions noting that the total cost of ransomware attacks will reach $265 billion by 2031.

We have seen a major shift from commodity ransomware attacks to human-operated ransomware. These “hands-on-keyboard” attacks target an entire organization rather than a single device or individual, leveraging human attackers’ knowledge of common system and security misconfigurations to get in, navigate the enterprise network, and adapt to the environment and its weaknesses as they go.

Attackers use a three-step approach to carry out successful human-operated ransomware attacks. First, they gain initial access to an environment using primarily identity attacks (via email, browser, password spray, etc.). Once the attackers have gained access to the organization, they then move laterally within the network to steal more credentials to gain elevated privileges and ultimately find an admin account that gives them access to data. Now that the attackers have access to the data, they can steal it, encrypt it, and deploy a ransomware payload to the resources of their choosing. This type of attack results in catastrophic outcomes for business operations that are very difficult to clean up.

**Ways to Prepare**

Given how common these ransomware attacks are and how easy they are to carry out, what can you and your organization do to prepare for future attacks?

First, we strongly recommend implementing a zero-trust approach. Based on the three principles of verify explicitly, use least-privileged access, and assume a breach, a comprehensive zero-trust architecture creates several safeguards within and across identity, endpoints, apps, infrastructure, network, and data. We not only recommend this approach with our customers and partners, but we also embrace it in our own approach to global security and software development here at Microsoft.

Next, integrated threat protection helps secure organizations by using the combination of extended detection and response (XDR) and security information and event management (SIEM) tools to detect attacks _while_ they are happening and stop them. Cloud-native SIEM systems can help eliminate security infrastructure setup and maintenance while scaling to meet organizational security needs and without being restricted by storage or query limits. Likewise, cross-domain threat protection, cloud security posture management (CSPM), and cloud workload protection (CWP) solutions can be deployed to increase efficiency and effectiveness while securing your digital estate.

Lastly, we recommend having a backup and incident response (IR) plan prepared in the event that your organization is compromised. It is crucial to back up all critical systems automatically on a regular basis and ensure all backups are protected against deliberate erasure/encryption. Your backup service should offer a centralized management interface to monitor, govern, and optimize data protection at scale, and you should look for a platform that can secure your backup platform whether data is in transit or at rest.

For incident response, organizations need to ensure rapid detection and remediation of common attacks on endpoint, email, and identity (ransomware operators love these three) by prioritizing common entry points and monitoring for adversaries disabling security. It is important to regularly practice these backup and incident response plans.

Mitigating human-operated ransomware attacks is a top priority for organizations worldwide. By implementing these strategies and tools outlined in our ransomware mitigation plan, organizations can be fearless, armed with the ability to secure everything without limits.

Source

DARKReading