HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.

HD Moore's company has rebranded its IT, IoT, and OT asset discovery tool as the platform rapidly evolves.

Source: HD Moore

Renowned security industry pioneer HD Moore — creator of the wildly popular Metasploit hacking toolkit — has renamed his startup Rumble to runZero in a nod to how its platform has evolved since its inception in 2019.

Moore initially built the IT asset discovery tool Rumble Network Discovery after years of witnessing firsthand as a penetration tester that organizations can't properly find, track, and manage IT devices on their networks, nor the security posture of those devices. He pioneered major research scanning for and discovering all types of exposed devices on the public Internet, ultimately developing the Rumble IT asset discovery tool that finds and fingerprints devices and their status on the network.

According to a blog post on the rebranding, the new name better reflects how the platform has evolved. Moore, the chairman and founding CTO of the startup, originally named the platform (and company) "Rumble" to mean "discover," but now that the platform can do more than find assets, he decided to rename it.

"Rumble was the perfect name for us at the time, but we've outgrown it. Each new integration we've added has extended Rumble's capabilities beyond discovery, by enriching asset data and uncovering coverage gaps in other IT and security tools," the company said in a blog post.

Moore's company received $5 million in venture capital in 2021.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Editors' Choice

Robert Lemos, Contributing Writer, Dark Reading

Jai Vijayan, Contributing Writer, Dark Reading

Ericka Chickowski, Contributing Writer, Dark Reading

Joshua Goldfarb, Fraud Solutions Architect - EMEA and APCJ, F5

Metasploit Creator Renames His Startup and IT Discovery Tool Rumble to 'runZero'

Alternative cloud providers offer streamlined capabilities for penetration testing, including more accessible tools, easy deployment, and affordable pricing.

Cloud data breaches are on the rise. In 2022, 45% of organizations reported a breach or compliance audit failure, representing a 5% increase from the year before. And just 11% reported that more than 80% of their sensitive data in the cloud is encrypted. With the help of red-team penetration testing, infosec developers have the ability to patch vulnerabilities before they reach end users. And as attacks continue to expand, red-team activities in the cloud are an absolute must for most organizations, and take up a growing chunk of infosec developers' time.

As a crucial layer of protection for businesses, infosec teams need technologies that make their work easier. Yet today, many cloud providers make security complex by overcomplicating either the deployment of required infrastructure or the pricing structure. This has to change. It's time for cloud providers to empower infosec developers with the right tools, platforms, and pricing to support essential testing and security work. Or risk breaches that cost money, reputation, and time.

**Companies Deserve Full Capabilities and Affordable Costs**

Security starts with the right strategy and tool set. When it comes to red-team activities, Kali is a top choice. A lightweight Linux distribution, Kali is open source and Debian-based, with a full suite of security testing tools. But Kali can be hard to use on some of the most popular cloud providers, like Amazon Web Services (AWS).

For one thing, deploying Kali Linux onto a cloud instance can be tedious and time consuming, especially if installing directly from an ISO using workarounds or exporting from a local VM. For example, though a penetration tester can set up a Kali Linux instance on Amazon's cloud, it's only available as an Amazon Machine Image (AMI) that runs Kali Linux on the Amazon Marketplace. This image doesn't include the full range of Kali's capabilities.

In addition to a challenging manual setup process, companies also need to grapple with pricing complexity — a problem that doesn't just affect finance teams but trickles down to developers too. Depending on the scope, size, and thoroughness of the engagement, penetration testing may require many instances and significant amounts of egress. On major cloud providers, these needs can run up a large bill. On top of that, pricing complexity may make these costs difficult to accurately estimate, placing an unfair responsibility on infosec professionals, developers, and business owners that may be expected to foresee (and prevent) high price tags.

While enterprise companies may not be concerned about these factors — they may have massive infosec teams to handle setup and deep pockets to deal with costs — small businesses will likely be more wary. As they grapple with a talent shortage and relatively tight budgets, they need partners that can support them in a different, more holistic way. Enter alternative cloud providers.

Though Kali is widely available, deploying it with a partner that offers deeper functionality and more thorough support at a fair cost is simply more practical, especially for SMBs. For security professionals in the cloud space to get the most of Kali, it must be offered as an officially supported distribution that can easily be deployed on any cloud instance. This ensures that the full range of testing opportunities and configurations supported by Kali Linux can easily run in the cloud. Akamai Linode offers Kali this way, giving end users access not only via the distribution but also as an app in Linode's marketplace. Another key differentiator is that alternative providers typically offer a higher level of support than other providers, helping SMBs tackle that tough initial setup, often with no added costs.

Pricing in general, not just for support, is more accessible through alternative providers as well. These players not only have more predictable, transparent costs thanks to flat rates, but some — like Linode — have generous transfer allowances and comparatively low overage costs. That's game-changing for penetration testers that deal with plenty of egress. Without worry about incurring significant extra costs, they can freely run the testing they need to protect their organizations.

**Consider Alternative Cloud Providers for Security Testing**

Every organization using cloud, no matter how small, should be doing security testing: cloud misconfiguration is the initial attack vector for 15% of all data breaches. And with breaches costing companies as much as $4 million dollars, they simply can't afford the risk.

As threats continue to grow, thorough and well-honed penetration testing is more important now than ever. And infosec teams need support. Let's arm these vital teams with key tools, easier deployment, and clearer, more affordable pricing schemes.

**About the Author**

    

Billy Thompson is a Solutions Engineering Manager on Akamai, Linode Compute, helping customers design portable architectures, and deploy them at scale for technical and business teams. Billy holds a degree in information security and has a special interest in IaC, Kubernetes, big data engineering, and Python and Rust programming languages. He is a longtime Arch Linux user and vegan, and never knows which to tell people first. Outside of work, he studies jujitsu, muay thai, and boxing. He also volunteers at his home for fostering and acclimating rescue dogs.

For Penetration Security Testing, Alternative Cloud Offers Something Others Don't

Company research indicates ransomware gangs may be working in concert to orchestrate multiple attacks, explains Sophos’ John Shier.

Company research indicates ransomware gangs may be working in concert to orchestrate multiple attacks, explains Sophos’ John Shier.

Dark Reading

Company research indicates ransomware gangs may be working in concert to orchestrate multiple attacks, explains Sophos’ John Shier. And in at least one curious instance, a gang covered up tracks of a gang that was that there before them. Is the Hive-LockBit-BlackCat joint venture a harbinger of threats to come? Shier weighs in and explains how organizations can better defend against this emerging threat.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Editors' Choice

Robert Lemos, Contributing Writer, Dark Reading

Jai Vijayan, Contributing Writer, Dark Reading

Ericka Chickowski, Contributing Writer, Dark Reading

Joshua Goldfarb, Fraud Solutions Architect - EMEA and APCJ, F5

Sophos Identifies Potential Tag-Team Ransomware Activity

InQuest’s Pedram Amini takes a deep dive into file detection and response as a way to prevent file-borne attacks.

InQuest’s Pedram Amini takes a deep dive into file detection and response as a way to prevent file-borne attacks.

Dark Reading

File-borne attacks are a mainstay of the threat landscape and InQuest’s Pedram Amini takes a deep dive into file detection and response as a way to prevent such attacks. He describes what automated threat hunting is and how it can make a difference; Amini also says automated thrteat hunting can help with the hiring and retention issues most organizations are facing. He also talks about how Inquest’s own automation capabilities are enabled.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Editors' Choice

Robert Lemos, Contributing Writer, Dark Reading

Jai Vijayan, Contributing Writer, Dark Reading

Ericka Chickowski, Contributing Writer, Dark Reading

Joshua Goldfarb, Fraud Solutions Architect - EMEA and APCJ, F5

InQuest: Adding File Detection and Response to the Security Arsenal

Secureworks’ Nash Borges describes how his team has applied AI and ML to threat detection.

The marketing hyperbole is plenty loud when it comes to artificial intelligence and its subset, machine learning, in the SOC and data center, and Secureworks’ Nash Borges offers a reality check on the emerging technologies. Borges takes a deeper cut at what it takes to add AI into the technology mix in a SOC. In a practical example, he describes how his team has applied AI and ML to threat detection. Borges also addresses whether AI is the panacea it’s built up to be for security management.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Secureworks: How To Distinguish Hype From Reality With AI in SecOps

Novel ransomware was created with the Go open source programming language, demonstrating how malware authors increasingly are opting to employ the flexible coding language.

Cybercriminals are swarming to deploy an emerging ransomware variant called BianLian that was written in Go, the Google-created open source programming language.

BianLian has been rising popularity since it was first outed in mid-July, according to researchers at Cyble Research Labs, which published details on their study of the ransomware in a blog post last week. Threat actors so far have cast a wide net with the novel BianLian malware, which counts organizations in media and entertainment; manufacturing; education; healthcare; and banking, financial services, and insurance (BFSI) among its victims so far.

Specifically, the media and entertainment sector has taken the brunt of BianLian attacks, with 25% of victims in this industry so far, and 12.5% each in the professional services, manufacturing, healthcare, energy and utilities, and education sectors, according to Cyble.

Attackers using BianLian typically demand unusually high ransoms, and they utilize a unique encryption style that divides the file content into chunks of 10 bytes to evade detection by antivirus products, the researchers said. "First, it reads 10 bytes from the original file, then encrypts the bytes and writes the encrypted data into the target file," the Cybel researchers wrote in the post.

BianLian's operators also use double-extortion methods, threatening to leak key stolen data — such as financial, client, business, technical, and personal files — online if ransom demands aren't met within 10 days. They maintain an onion leak site for this purpose.

**How the Ransomware Variant Works**

BianLian functions similarly to other ransomware types in that it encrypts files once it infects a targeted system and sends a ransomware note to its victims letting them know how to contact the operators.

Upon execution of the ransomware, BianLian attempts to identify if the file is running in a WINE environment by checking the _wine\_get\_version()_ function via the _GetProcAddress()_ API, the researchers said. Then, the ransomware creates multiple threads using the _CreateThread()_ API function to perform faster file encryption, which also makes reverse engineering the malware more difficult, they said.

The malware then identifies the system drives (from A:\\ to Z:\\) using the _GetDriveTypeW()_ API function and encrypts any files available in the connected drives before dropping its ransomware note, the researchers said.

BianLian also is notable in that uses Go as its foundational language, giving threat actors more flexibility in both developing and deploying the malware, the researchers said. "We have seen many threats developed using the Go language, such as Ransomware, RAT, Stealer, etc.," they wrote.

Go's cross-platform capability enables a single codebase to be compiled into all major operating systems. This makes it easy for threat actors — such as the ones behind BianLian — to make constant changes and add new capabilities to a malware to avoid detection, the researchers said.

Other cyber threats written in the so-called GoLang that have been active in the past year include a botnet called Kraken that recently resurfaced, as well as Blackrota, a heavily obfuscated backdoor.

While increased efforts by international law enforcement to crack down on the actors behind major cybercriminal groups has had some impact on ransomware, new threat operators and ransomware variants have perennially risen to replace now-defunct ones.

Cyble reiterated in its blog post some best practices for ransomware defense: running regular, offline backups; keeping device software updated, ideally using automatic software updates; running anti-malware software on devices; and avoiding opening any suspicious or unknown links and attachments.

New 'BianLian' Ransomware Variant on the Rise

Tanium’s Chris Hallenbeck explains how converged endpoint management helps overcome obstacles to endpoint visibility.

Tanium’s Chris Hallenbeck explains how converged endpoint management helps overcome obstacles to endpoint visibility.

Dark Reading

Thanks to the pandemic and working from home, endpoint visibility remains one of the biggest challenges for infosec professionals. Tanium’s Chris Hallenbeck explains how converged endpoint management helps overcome those obstacles. He also addresses the reality of siloed systems and how security professionals can overcome the challenges with integrating them. And Hallenbeck discusses what organizations can do to maximize endpoint visibility in order to keep their users and their data secure.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Editors' Choice

Robert Lemos, Contributing Writer, Dark Reading

Jai Vijayan, Contributing Writer, Dark Reading

Ericka Chickowski, Contributing Writer, Dark Reading

Joshua Goldfarb, Fraud Solutions Architect - EMEA and APCJ, F5

Tanium: Taking A Deeper Cut At Converged Endpoint Management

Pentera’s Omer Zucker outlines exposure management’s biggest challenges in closing security gaps.

Exposure management is a combination of attack surface mapping, vulnerability assessment, and validation, and seeks to keep networks more secure. Pentera’s Omer Zucker outlines exposure management’s biggest challenges in closing security gaps. He also describes how security pros can combine attack surface mapping, vulnerability assessment, and validation to enhance their security posture. And Zucker offers some tips for getting started with exposure management.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Pentera Helps Enterprises Reduce Their Security Exposure

Threat intel has changed over the years and that’s changed how customers use it, says Matt Olney, director of Talos threat intelligence and interdiction at Cisco.

Threat intel has changed over the years and that’s changed how customers use it, says Matt Olney, director of Talos threat intelligence and interdiction at Cisco.

Dark Reading

Threat intel has changed over the years and that’s changed how customers use it, says Matt Olney, director of Talos threat intelligence and interdiction at Cisco. He discusses new ransomware dangers and what users can do to protect themselves. And he describes in detail how Cisco intelligence was used to respond to a recent large-scale security event. He closes with some tips about how to better protect your organization against ransomware.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cisco: All Intelligence is Not Created Equal

Replacing passwords is not as easy as people think, but there is hope.

Although analysts have predicted the death of passwords for many years, passwords are still the predominant authentication credential used for many applications and IT systems. The reason for this is simple — everyone knows how passwords work, which makes them more convenient to use.

As a result, 80% of all company data breaches and hacking incidents result from stolen or compromised passwords. It's not hard to see why. The average user has more than 90 online accounts — almost all requiring a password that more than half of those same users reuse. And with a record 1,862 data breaches in 2021 at an average cost of $4.24 million per breach, it's no wonder that more than 555 million passwords are available on the Dark Web.

Passwords are proliferating across our digital world and getting stolen in record numbers every year, but it doesn't have to be this way.

**The Twin Dilemma of Security vs. Convenience**

Enterprises can address this problem today. In fact, many are already enhancing existing passwords with a second factor — for example, sending an out-of-band code via SMS or email. The technology exists for even stronger login credentials, but these often significantly impact the user experience, which hurts adoption with internal users (employees) or retention with external users (consumers).

Organizations are faced with a complex balancing act: They need to improve their authentication process so that login credentials provide the needed security while being easy to use. But those credentials also have to be difficult for hackers to steal or compromise. Oh, and let's not forget that this enhanced authentication mechanism must be cost effective, too.

Over the years, many types of login credentials emerged that were effective in one or two areas but fell short in the others. But, there is hope.

**Size and Scope**

The size and scope of the problem must also be taken into consideration. For large enterprises, these challenges are multiplied because of the sheer number of applications running across their hybrid environments, from the cloud to the mainframe. You hear a lot about the cloud, but how often do you hear someone mention the mainframe? Did you know that mainframes handle 90% of all credit card transactions, or that mainframes handle 68% of world's production IT workloads? For many of our strategic customers, the mainframe is more mission critical than anything running in the cloud.

A truly effective identity security solution needs to cover all aspects of an organization's infrastructure — everything from the mainframe to distributed servers, from virtualized to multicloud environments, managing access across business applications, privileged accounts, and everything in between.

**The Convergence of Technology and Standards**

The missing link in efforts to improve this identity security challenge is a failure to recognize that replacing the password is not as easy as people think. But there are several trends that may help accelerate the death of the password once and for all.

The first is the smartphone. According to Ericsson, the number of smartphone users in the world today is about 6.6 billion, which translates to almost 84% of the world's population. These devices are not only ubiquitous but are also responsible for teaching users how to use their fingerprint to unlock their devices and take a selfie. Biometrics is not an abstract concept anymore — it is becoming familiar even to people who struggle to use a computer.

The second trend is one of standardization, specifically the growing support for FIDO or Open ID Connect. These new security standards help facilitate the exchange of identity and authentication information between an identity provider and an application. These standards eliminate the need for passwords and replace them with passwordless techniques, such as biometrics (a single finger swipe on your phone). However, there are many mainframe and web applications that were never designed with support for these standards and therefore cannot leverage passwordless authentication — that is, not without major redesign or a little help.

For newer or smaller enterprises, it may be relatively easy to modify applications to be compatible with FIDO or OpenID Connect. However, for larger enterprises this problem is significant because the bulk of their mission-critical apps may need to be modified, and this may not be financially feasible. As a result, while newer applications are built with passwordless authentication mechanisms, they are addressing only a subset of enterprise applications, networks, and environments.

An effective security system needs to cover all an organization's digital assets. If not, the bad guys will always find the weakest link. Only through a holistic approach can enterprises solve the biggest pain points in identity security by replacing the need for passwords with a single passwordless sign-on procedure for everything in our digital world.

Source

DARKReading