Noname Security's Shay Levi joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about making code more secure.

Software code has come under attack in innovative and deeply troubling ways, says Noname Security CTO and co-founder Shay Levi. These attacks have altered the security landscape for both developers and their organizations, not to mention their suppliers, partners, and customers. API security testing has emerged as one solution, as has a more proactive approach to application security, without impeding development speed and efficiency, Levi says.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Noname: Proactiveness Is the Name of the Game in App Security

Lacework's Mark Nunnikhoven joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about AI and cloud security.

Artificial intelligence is essential for endowing multicloud environments with greater visibility, insights and actions, according to Mark Nunnikhoven, distinguished cloud strategist for Lacework. And AI is key to automating security tasks, he adds. AI, in turn, can help enable faster innovation with security built in from the first line of code, as well as gain meaningful security insights to build apps quickly and confidently by highlighting any potential issues well before they reach production, according to Nunnikhoven.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Lacework Blends Artificial Intelligence and Automation to Bolster Cloud Security

Darktrace's Mike Beck joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about risk management.

Pressure to reduce and manage risk — internally and externally — is more urgent than ever, according to Mike Beck, global CISO for Darktrace. That's why organizations require more sophistication and integration in their security management platforms. Beck discusses some of the features of Darktrace's new Prevent platform as well as some of the common use cases Prevent can address.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Prevent Breaches and Malware With Proactive Defenses

The certificate management company plans to integrate DNS services throughout its portfolio.

DigiCert has acquired DNS Made Easy, a provider of managed Domain Name System (DNS) services for enterprises, as well as affiliated brands, including Constellix.

The addition of DNS Made Easy enhances the company's certificate validation and lifecycle management portfolio, it said in a company statement on the acquisition. Specifically, DigiCert will integrate domain control validation into its certificate offering and pave the way for simplified DNS configuration, it said.

“The integration of DigiCert and DNS Made Easy adds value to customers,” said Greg Clark, managing partner at Crosspoint Capital Partners and chairman of DigiCert’s Board of Directors, in the statement. “In addition to providing excellent DNS services, this combination enhances the security of certificate validation and enables the automation of future validations, paving the way for automated certificate lifecycle management."

Terms of the deal were not disclosed.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

DigiCert Acquires DNS Made Easy

Okta's Marc Rogers and Auth0's Jameeka Aaron join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about remote work security.

Okta's Marc Rogers and Auth0's Jameeka Aaron discuss the biggest threats connected to identity, as well as how the move to hybrid work compounds the challenge of keeping users — and their data — secure. The two also examine the role of zero trust in the identity equation, as well as the bot attacks and breached credentials that plague the consumer space.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Identity-First Security Helps Reduce and Neutralize Enterprise Threats

The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners.

Malware botnet Emotet has resurfaced in a more advanced form after having been taken down by joint international task force in January 2021.

A prolific threat throughout the pandemic, the Emotet malware began as a banking trojan in 2014, and its operators were one of the first criminal groups to provide malware-as-a-service (MaaS).

While it is still utilizing many of the same attack vectors it exploited in the past, Emotet's return has been accompanied by a boost in effectiveness in collecting and utilizing stolen credentials. The report noted that these stolen credentials are also being weaponized to further distribute the malware binaries.

"The attacks are using hijacked email threads and then using those accounts as a launch point to trick victims into enabling macros of attached malicious office documents," a Thursday report from Deep Instinct explained.

In addition, Emotet is utilizing 64-bit shell code, as well as more advanced PowerShell and active scripts, with nearly a fifth of all malicious samples exploiting the 2017 Microsoft vulnerability CVE-2017-11882.

The attacks have focused largely on victims in Japan, with an expanded focus on targets in the United States and Italy starting from March this year.

The Deep Instinct team also wrote a detailed blog post on the technical details of what they found back in November.

Chuck Everette, Deep Instinct's director of cybersecurity advocacy, says the company's Threat Research Team has been monitoring the re-emergence of Emotet since Q4 of last year.

"We use internal code and binary similarity algorithms on our cloud backend to associate and correlate new variants of a select set of campaigns which we monitor very closely, Emotet being one of them," he explains.

In particular, several static evasion methods are very characteristic of Emotet, and upticks in those in new variant waves are very indicative of Emotet activity, Everette tells Dark Reading.

"These attacks definitely have similar characteristics that they've had in the past," he says. "They now, however, have some new and improved techniques and tactics."

One of them, Everette noted, is the streamlining of the product and removal of the middle stage of the attack.

Additionally, they've switched from non-secure HTTP to secured HTTPS communications, and they've also added in code obfuscation techniques to the payload.

"The Emotet Gang are professionals. They know how to run a successful phishing campaign and have now upped their game with new sophisticated attack techniques," Everette says. "However, the primary delivery method is still phishing emails, and the human factor is the weakness."

He advises organizations to be continuously diligent about cybersecurity awareness by training their employees, as well as monitoring and adding prevention capabilities to keep these types of phishing attacks out of their environment.

"If you make yourself more difficult to attack than another company, they will go after the easier target," he says. "Make sure you're the harder target to penetrate. Educate your employees."

**Emotet & TrickBot: Together Again?**

Regarding Emotet's previous ties to the TrickBot trojan, Everette acknowledged that there's quite a bit of speculation around the status of the relationship now, but the most common thought is that there's a continued collaboration between these cybercriminal entities.

"TrickBot and Emotet have a long history of collaboration," he said. "As we know, with the rise and fall of the cyber gangs, members often move between organizations. This creates alliances and knowledge-sharing. With Emotet and TrickBot, it's just one of these alliances that has lasted and weathered several take-down attempts."

From his perspective, Emotet is no different than other cyber-gangs that have been taken down — 90% of these cyber gangs resurrect in one way or another.

"The major difference with Emotet is, you're still using a good majority of the original code, given more sophisticated techniques, and they seem to be keeping the same name," Everette said. "Their operations have not changed, because they were highly successful in the past."

He added that there are also indicators that the group has moved some of its infrastructure out of the European arena and down to South America, mainly Brazil.

Emotet Banking Trojan Resurfaces, Skating Past Email Security

Cisco's Jeetu Patel joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the power of information sharing.

RSA keynoter and Cisco executive Jeetu Patel talks to the Dark Reading News Desk about the power of information sharing, an integrated approach to security, and how to give users controlled, trusted access to applications and services. Patel also discusses the Security Poverty Line, how it impacts the state of cybersecurity, and how to elevate those who may fall below the line.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Cisco Makes Resilience a Cornerstone of Security Strategy

Sophos' John Shier joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the ransomware problem.

John Shier, senior security advisor for Sophos, shares original research data on adversaries and the ongoing scourge of ransomware. Spoiler alert: Things aren't getting better, as bad actors pivot to more sophisticated tactics to avoid detection. In addition to the rising costs of ransomware attacks, Shier also makes the case for a layered security approach to keep company assets more secure.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Sophos: Keeping Tabs on the Bad Guys Using Threat Research

The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.

Networking giant Cisco has unveiled a plan to simplify security operations, including the debut of an open security platform called Security Cloud, conceived as a unified platform for end-to-end security across hybrid multicloud environments.

The platform offers threat prevention, detection, response, and remediation capabilities, as well as less-intrusive methods for risk-based authentication, including a Wi-Fi fingerprint.

Cisco is also emphasizing intelligent user and device identity verification checks that run continuously and in the background.

**Horizontal Coverage**

TK Keanini, CTO of Cisco Secure, explains that in an age where organizations are protecting assets across multiple clouds — be they Microsoft Azure, Amazon AWS, or Google Cloud Platform — security teams are struggling to provide uniform, horizontal coverage across this infrastructure.

"We're trying to abstract away networking and security to a layer that is completely horizontal across that which you protect — your compute and storage," Keanini says. "Where before, networking and security were sometimes living in those silos, we're now logically above it. We want to provide a function that's consistent and has the economics of cloud."

Featuring Cisco Meraki SD-WAN technology, the secure access service edge (SASE) subscription service Cisco+ Secure Connect Now streamlines deployment and management of SASE through a cloud-managed platform with a unified dashboard.

A unified Secure Client is designed to help simplify the streaming of Cisco Secure agents, including AnyConnect, Secure Endpoint, and Umbrella.

"With Secure Connect, we tried to basically abstract away the complexity and hand you an application experience," Keanini says. "We're going after a person who doesn't ever want to be a networking expert, or they just want the network to work, and they want to control it via an app."

Cisco is also leveraging the OpenID Foundation's Shared Signals and Events standards, including CAEP and RISC, to build session trust analysis by sharing information between vendors.

The company also has enhanced its Secure Cloud Analytics, which automatically promotes alerts into SecureX and maps those alerts to MITRE ATT&CK.

It also debuted the Secure Firewall 3100 Series, which features an AI-powered encrypted visibility engine, uses machine learning (ML) technology to uncover threats, and offers a custom security research service, called Talos Intelligence On-Demand.

Keanini says that the through line with all of these services, as well as with Cisco's Security Cloud vision, is simplicity — specifically, providing services that remove complexity for organizations and individuals.

"You're good if you provide security, but you're even better if you provide security and usability," he says. "If you're going to reach the common person that just never wants to be a security expert, you got to deliver an application experience. That's really simple."

Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio

AI works best when security professionals and AI are complementing each other.

Artificial intelligence has advanced greatly in the past decade. On my phone, I'm reading Apple and Google news that is well-tailored to me, thanks to AI recommendation models. Self-driving cars are already picking up passengers for rides in downtown San Francisco.

The same transformation is happening in the cybersecurity world too. However, questions remain: Will AI replace security professionals? Or will AI still be as useful in the zero-trust era given that access is tightened to the minimum already?

AI was introduced to the center stage of the cybersecurity industry a few years ago, originally to tackle malware detection and anomaly detection use cases. We have come a long way to better understand both the usefulness and the limitations of applying AI to cybersecurity, especially in the zero-trust era.

**AI Is Still Needed**

First, a zero-trust architecture doesn't remove the need for AI. Though zero trust eliminates the attack surface and reduces the chance for the anomaly to happen, zero trust demands AI more.

Today, an enterprise user's security policy is typically that person's department security policy. Whether users are in a big or a small department, they all follow very similar, if not the same, security policy, including access control policy.

In the zero-trust era, we need a personalized, contextual, dynamic, and granular security policy — which is exactly what zero trust is about. Access control, for instance, is no longer based on simple rules but a set of complex policies based on your identity, your device, your posture, your intention, your risks, your content, and a lot of rich data points.

However, generating such complex, granular, and personalized policy _at scale_ can be very time-consuming if relying on human rules and heuristics. Different employees will use different applications and such application usage may need to evolve fast in a short period of time. AI is a critical technology to make such an intelligent and personalized security policy recommendation at scale.

At the same time, it is impossible for AI to capture or comprehend all the nuances and contexts of any complex environment, so AI may make recommendations that are suboptimal from experts' eyes. With ongoing human feedback, we can improve the AI model and its effectiveness.

**Threat Detection**

Second, zero trust gives the enterprise much tighter protection than it has had in the past, but no matter how tightened things are, there is always a weak link somewhere. Therefore, we want AI to assist with evasive and unknown threat detection and prevention.

Some evasive threats are undetected in time by conventional signature-based or sandbox technology. The SolarWinds supply chain attack is a good example. This global attack turned the SolarWinds Orion software into a weapon, subsequently gaining access to several government systems and thousands of private systems around the world. There was no involvement from any malware by the traditional definition, and it was hard to rely on any single layer of the conventional technology to detect such an attack ahead of time.

AI has a good potential to be the technology to do a better job with unknown threat detection because it can "predict" threats that have never been seen before.

Practically, we will want to layer multiple security technologies along with AI. For instance, in the case of malware, the tried-and-true approach of signature matching and sandbox will continue to play a key role. AI will complement greatly, but not displace, the conventional technology.

**Easily Understood**

Third, enterprise customers want to utilize AI in a way that is easily understood and digestible by security professionals. The "explainable AI" may not improve the AI model efficacy on the surface, but it will increase the adoption of AI significantly.

For instance, AI may be able to detect an unknown threat, but SecOps teams may want to see which family the threat belongs to before taking an action. For another example, AI may be able to generate intelligent and relevant security policy recommendations, but SecOps teams may still want to know the context of why certain recommendations are made before accepting them.

**Conclusion**

The cybersecurity industry needs AI to help reduce unknown attacks at scale and come up with granular and contextual security policies at scale to reduce the attack surface. We want the result to be explainable too.

AI-powered security tools and products are an amazing digital assistant to SecOps professionals. And professionals are assisting AI technology to advance, too, as we will need humans to verify many of the outputs and/or provide feedback for the AI model to improve.

AI is useful to scale the enterprise security functions, like more-intelligent policies and more-intelligent threat detection as discussed above. AI works best when security professionals and AI are complementing each other. In the end, AI is an assistant to security professionals and will not be a replacement for human effort for a long time to come.

Source

DARKReading