WeLeakInfo.to and two related domains let users search data stolen in more than 10,000 different breaches.

The Justice Department and FBI today announced that three separate Internet domains have been seized for offering access to stolen data and performing network attacks. 

The domains include WeLeakInfo.to, ipress.in, and ovh-booter.com, the announcement said. The sites reportedly offered users access to search engine for more than 7 billion records filled with stolen personal information including names, email addresses, usernames, phone numbers, and online account passwords, the agencies said. The compromised data was collected through more than 10,000 individual data breaches, according to the law enforcement statement. 

"These seizures are prime examples of the ongoing actions the FBI and our international partners are undertaking to disrupt malicious cyber activity," Special Agent in Charge Wayne A. Jacobs said about the illicit site seizures. "Disrupting malicious DDoS operations and dismantling websites that facilitate the theft and sale of stolen personal information is a priority for the FBI."  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Feds Seize Domains Dealing Stolen Personal Data

Contextual Intelligence derived with machine learning helps customers identify, assess and remediate threats from IoT devices on their networks, achieving full visibility and control.

**SANTA CLARA, Calif. – June 1, 2022 –** Netskope, the leader in Security Service Edge (SSE) and Zero Trust, today announced it has acquired WootCloud, an innovator in applying Zero Trust principles to IoT security. The acquisition brings to Netskope WootCloud’s award-winning HyperContext® Security Platform, which provides end-to-end visibility, context, and threat remediation for managed and unmanaged devices, and will extend Netskope’s acclaimed SSE and Zero Trust capabilities to protect enterprise IoT devices at scale.

The massive volume of Internet-connected devices continues to expand; by 2025, there will be 55.7 billion connected IoT devices (“things”), generating almost 80B zettabytes (ZB) of data\[1\]. WootCloud technology will enable Netskope customers to support both user- and device-centric policies with Zero Trust principles applied to govern access and interactions with critical data. As Gartner® notes, by 2026, 50% of organizations will prioritize advanced data security features for inspection of data at rest and in motion as a selection criterion for SSE, up from 15% in 2021\[2\].

Founded in 2016 in San Jose, Calif., WootCloud offers device discovery, classification, and control to help customers gain deep visibility and context into all devices on their networks (both managed and unmanaged) and provide a risk and threat assessment measurement for devices that can be leveraged within a broader IoT security strategy. WootCloud’s cloud-based platform is capable of collecting billions of daily measurements of device characteristics, and this telemetry data is further analyzed using proprietary AI/ML models for device classification, risk assessment, and threat detection.

WootCloud critical uses cases include:

*   **Device classification and visibility** to discover managed and unmanaged devices, classify and provide contextual information, and provide deep insights that “true-up” an asset inventory
*   **Device Risk,** dynamically ascertained bycontinuous real-time monitoring to detect malicious behavior, and exchange device attributes with security operations tools for remedial actions.
*   **Access control and segmentation** to offer dynamic asset grouping, automate network segmentation, and facilitate various actions using existing Network Access Control (NAC), firewalls, access points, and other technologies
*   **Cybersecurity asset management** to drive compliance with corporate policies and gain insights into license use, helping to optimize the total IT environment

“Securing a hybrid work environment includes the ability to establish adaptive zero trust across users, devices, networks, applications, and data— increasing confidence in policy enforcement everywhere,” said Sanjay Beri, CEO and co-founder of Netskope. “WootCloud’s innovative technology will further extend Netskope’s industry-leading SSE and Zero Trust capabilities, ensuring that critical data is protected from the network, to the cloud, to enterprise IoT devices.”

“Netskope is an unquestioned leader in Security Service Edge and Zero Trust, and it makes perfect sense to combine and extend our collective capabilities to protect enterprise IoT devices at scale,” said Amit Srivastav, CEO of WootCloud. “We are so proud of what we have achieved with WootCloud, and we are excited to join Netskope for this next stage of the growth journey.”

“WootCloud has been a fantastic partner to Dartmouth, designing and executing solutions to meet Dartmouth’s enterprise security needs,” said Mitchel Davis, Vice President and Chief Information Officer, Dartmouth College. “WootCloud’s decision to join Netskope will help the combined company continue to grow in a way that will prioritize scale while preserving the innovation that made WootCloud special. Netskope is a well-recognized security leader, and we are excited to continue this partnership.”

Zero Trust principles are critical to the implementation of Secure Access Service Edge (SASE), which converges critical security, networking, and business value requirements into one technology architecture. Gartner cites that, b​y 2025, at least 60% of enterprises will have explicit strategies and timelines for SASE adoption encompassing user, branch and edge access, up from 10% in 2020\[3\]. Properly implemented SSE, which describes the security stack needed to enable SASE architecture, fundamentally includes zero trust and transforms what enterprises can achieve for security at scale.

Financial terms of the acquisition are undisclosed. WootCloud CEO Amit Srivastav has joined Netskope as an Executive Advisor to the CEO, and all of the WootCloud engineering team, led by the original founding CEO Srinivas Akella, have joined Netskope’s engineering organization.

Visit Netskope.com for more on Netskope capabilities for SSE, IoT security and Zero Trust.

**About Netskope**

Netskope, a global cybersecurity leader, is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data. The Netskope Intelligent Security Service Edge (SSE) platform is fast, easy to use, and secures people, devices, and data anywhere they go. Netskope helps customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, and private application activity. Thousands of customers, including more than 25 of the Fortune 100, trust Netskope to address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements. Learn how Netskope helps customers be ready for anything on their SASE journey, visit netskope.com.

\[1\] IDC, “Future of Industry Ecosystems: Shared Data and Insights,” January 2021

\[2\] Gartner, “Critical Capabilities for Security Service Edge, John Watts, Craig Lawson, Charlie Winckless, Aaron McQuaid, 16 February 2022.

\[3\] Gartner 2021 Strategic Roadmap for SASE Convergence, Neil MacDonald, Nat Smith, Lawrence Orans, Joe Skorupa, March 25, 2021

Netskope Acquires WootCloud, Extending Zero Trust Capabilities to Enterprise IoT

Combined company creates world-class security operations platform to offer customers unmatched visibility and detection to defend against threats.

TAMPA, Fla., June 01, 2022 (GLOBE NEWSWIRE) -- ReliaQuest, a force multiplier of security operations, today announced that it has entered into an agreement to acquire Digital Shadows, a company that delivers threat intelligence for security teams, for $160 million. The acquisition combines ReliaQuest’s ability to extend detection and response across cloud, network, and endpoint environments with Digital Shadows' digital risk and threat intelligence technology. This gives security operations teams the ability to detect and respond to threats with real-time internal and external visibility.  

“Combining the internal visibility provided by ReliaQuest with the external threat intelligence and digital risk monitoring brought by Digital Shadows creates an end-to-end picture for enterprises around the world,” said Alastair Paterson, co-founder and CEO at Digital Shadows. “The complementary technical capability, shared cultural values, and geographic synergies offered by the combined companies make this a great opportunity for our customers and our partners.”

Security teams are stretched between investigating and responding to threats they can see while working to increase visibility across both security and business applications where they have limited visibility to detect and respond. The ability to extend and automate detection and response across both security and business applications is critical to a successful security program.

ReliaQuest and Digital Shadows will make security operations more effective by integrating the digital risk and threat intelligence that security leaders care about into a security operations platform that increases visibility, reduces complexity, and manages risk. The new offerings will drive down response time, provide context around threats and allow for an end-to-end view, all while decreasing the cost of visibility. Security operation teams can leverage automation with confidence to free up time to focus on the specific areas that matter the most.

“Alastair Paterson and James Chappell built a world-class team, technology, and culture in Digital Shadows and I am looking forward to our organizations working together to make security possible for organizations all over the world,” said Brian Murphy, founder and CEO at ReliaQuest. “The combination of ReliaQuest and Digital Shadows makes a lot of sense for our customers, our partners, and both of our teams. We have a responsibility and opportunity to leverage our collective expertise to continue to tackle what I believe to be the largest technical challenge of our generation, cybersecurity.”

ReliaQuest’s GreyMatter is a cloud native platform built on an Open XDR architecture, and delivered as a service, extending detection and response across a customer’s network, cloud, and endpoint for both security and business applications. Digital Shadows’ platform was built with today’s overloaded security analyst at heart, who demanded a more relevant and actionable approach to threat intelligence. The addition of Digital Shadows to ReliaQuest’s GreyMatter platform provides an important outside-in perspective to ReliaQuest’s already robust detection and response capability.

The transaction has received the approval of both companies’ Board of Directors and is subject only to customary closing requirements and regulatory approvals.

For more information about ReliaQuest, please visit our website.

**About ReliaQuest**  
ReliaQuest, the force multiplier of security operations, increases visibility, reduces complexity, and manages risk with its cloud native security operations platform, GreyMatter. ReliaQuest GreyMatter is built on an XDR architecture and delivered as a service anywhere in the world, any time of the day, by bringing together telemetry from tools and applications across cloud, on-premises and hybrid cloud architectures.

Hundreds of Fortune 1000 organizations trust ReliaQuest to operationalize security investments, ensuring teams focus on the right problems while closing visibility and capability gaps to proactively manage risk and accelerate initiatives for the business. ReliaQuest is a private company headquartered in Tampa, Fla., with multiple global locations. For more information, visit www.reliaquest.com.

**About Digital Shadows**  
Digital Shadows provides threat intelligence that delivers for every security team. Our platform was built with today’s overloaded security analyst at heart, who demanded a more relevant and actionable approach to threat intelligence. SearchLight focuses on digital risks that organizations care about, using a proven threat model that adapts to the organization risk profile and appetite. This approach delivers a low noise solution, allowing security teams to work faster and with less resources than ever before. To sign up for our free weekly threat intel digest or learn more about our platform, visit www.digitalshadows.com.

ReliaQuest to Acquire Digital Shadows

Password management solution delivers proactive, seamless approach to protecting privacy and login credentials for consumers and businesses; Password Management market expected to reach $3 billion by 2026.

**SAN FRANCISCO, June 1, 2022** — Lookout, Inc., a leading provider of endpoint and cloud security solutions, today announced it has acquired SaferPass, an innovative Password Management company that provides secure online identity solutions for both consumers and businesses. By adding Password Management technology to its suite of security solutions, Lookout is expanding on its mission to deliver proactive protection and safeguard customer data for individuals and businesses.

Whether shopping online, banking, or connecting to corporate applications and email, usernames and passwords have become the standard form of authentication to validate a user’s identity and enable access to sensitive information. Passwords can be difficult to use and incredibly insecure, especially in cases where a user has many accounts. On average, people have more than 100 accounts with an associated password to remember. In addition, human-generated passwords are often algorithmically weak; according to the Verizon Data Breach Investigations Report, 81% of data breaches leveraged weak, stolen or reused employee passwords, and every time a password is reused, it opens the door to a potential data breach. Additionally, nearly 64% of people reuse the same passwords across their online accounts. If login credentials are compromised, the consequences can be serious – including personal identity theft or stolen corporate information.

SaferPass delivers a robust, innovative solution for identity and password management to both consumers and businesses, enabling users to securely manage their passwords, banking and other sensitive information across devices. The SaferPass solution provides an encrypted digital vault that stores secure login information used to access services through mobile apps and web browsers. In addition to keeping a user’s identity, credentials and sensitive data safe, the product helps create strong, unique passwords through a password generator tool that ensures the individual is not using the same password in multiple places and that their password has not been compromised in a previous breach.

According to Mordor Intelligence, the Password Management market on its own, was valued at over $1.2 billion in 2020 and is expected to reach over $3 billion by 2026.

“We are pleased to welcome the SaferPass team to Lookout, and excited to combine our respective solutions to deliver better value to consumers and businesses alike,” said Jim Dolce, Lookout CEO. “Today, every password owned by an employee is a potential access point to organizations both small and large. At the same time, large scale data breaches have leaked billions of consumer emails and passwords on the dark web, putting individuals at risk of identity theft and financial fraud. The SaferPass team shares our vision for providing seamless security solutions that address all access points and protect personal and corporate data wherever it may reside. This is an exciting next step in Lookout’s evolution.”

The acquisition of SaferPass broadens the Lookout portfolio of security solutions and expands the opportunity for its carrier ecosystem and channel partners – it also expands Lookout’s footprint in Central Europe through its new location in Bratislava, Slovakia. SaferPass will now operate under the Lookout brand and leadership and the SaferPass team will be fully integrated into the Lookout organization. The financial terms of this transaction have not been disclosed.

****Additional Resources****

*   To learn more about Lookout for SMBs and Consumers, visit: https://protection.lookout.com/
*   To learn more about the Lookout Security Platform, visit: https://www.lookout.com/products/platform
*   Sign up for a free trial of Lookout.

Follow the Lookout blog and join the conversation on LinkedIn and Twitter.

Lookout Acquires SaferPass To Address The Rising Threat Of Identity Theft

EnemyBot DDoS botnet is rapidly weaponizing security bugs disclosed in CMS systems like WordPress plug-ins, Android devices, commercial Web servers, and other enterprise applications.

An Internet of Things (IoT) botnet dubbed “EnemyBot" is expanding its front lines to target security vulnerabilities in enterprise services — potentially leading to it being a much more virulent threat than it has been, researchers say.

EnemyBot, which is controlled by a threat actor known as Keksec, is a Linux botnet that emerged on the malware scene in late March. It shares source code with two other well-known botnets, Gafgyt (aka Bashlite) and the mighty Mirai, according to a prior analysis from Fortinet. Like those threats, EnemyBot is used to carry out distributed denial-of-service (DDoS) attacks. Other aspects of the code include smaller elements from Qbot and other malware, and some custom development.

While it began life focusing on adding IoT devices and routers to its botnet footprint, EnemyBot has now evolved to add remote code execution (RCE) exploits for a host of popular business applications, including VMware Workspace ONE, Adobe ColdFusion, WordPress sites (via vulnerable plug-ins like Video Synchro PDF), PHP Scriptcase, and others, according to researchers at AT&T Labs. 

Researchers discovered that the group is using a mix of recent, so-called "one-day" bugs, as well as older known issues, looking to take advantage in lags in patching.

Keksec is "now targeting IoT devices, web servers, Android devices and content management system (CMS) servers," according to the firm's recent report, which notes that the latest version of EnemyBot adds a webscan function containing a total of 24 exploits to attack vulnerabilities of different devices and Web servers and self-propagate. 

The enterprise-focused exploits that were recently added include:

*   Log4Shell vulns: CVE-2021-44228, CVE-2021-45046
*   F5 BIG IP devices: CVE-2022-1388
*   Spring Cloud Gateway: CVE-2022-22947
*   TOTOLink A3000RU wireless router: CVE-2022-25075
*   Kramer VIAWare: CVE-2021-35064
*   PHP Scriptcase: No CVE yet assigned
*   Adobe ColdFusion 11: No CVE yet assigned

"The nature of devices and systems targeted through EnemyBot is different than vulnerabilities aimed at corporate datacenters," Bud Broomhead, CEO at Viakoo, tells Dark Reading. "WordPress installations, Android devices, IoT devices and other targets for EnemyBot are all widely deployed (therefore might be hard to find), are operated by organizations of all sizes, and are often managed by lines of business that lack cybersecurity skills."

**EnemyBot: A Super Soldier?**

In addition to the DDoS capabilities, EnemyBot can also receive commands to download and execute new code that could add to its functions or update its vulnerability list, according to the analysis. This means that, worryingly, the malware can adopt new vulnerabilities within days of those issues being discovered, researchers warned, as seen when it added a bug tracked as CVE-2022-22954 affecting VMware Workspace ONE, almost immediately after disclosure.

Sean Malone, CISO at Demandbase, says that given its rapid development, EnemyBot and others like it present a new urgency for enterprise defenders.

"The rapid weaponization of newly released vulnerabilities highlights the need to be able to patch almost instantaneously when new vulnerabilities are identified," he tells Dark Reading. "We should assume that every piece of software, every application development framework, and every IoT device will have a critical vulnerability identified at some point. Our architectures should be designed to limit the available attack surface, and mitigate the blast radius of a compromised system through defense-in-depth measures."

That should include adding the ability to profile systems and network traffic to know what normal looks like, and alert when the system activity and network traffic deviates from that baseline, he adds.

"This botnet emphasizes the need for rapid patching of internet facing devices and the risks of running apps in the cloud," says John Bambenek, principal threat hunter at Netenrich. "This traffic is easily spotted on the wire, but in typical cloud deployments, organizations aren’t able to run network intrusion detection. If organizations aren’t running NIDS or rapidly patching, they are both blind and vulnerable."

**Keksec & EnemyBot's Future**

For its part, Keksec is a well-resourced group that has been around since 2016, making a name for itself by creating various botnets-for-hire. It's known for exploiting vulnerabilities to invade multiple architectures with polymorphic tools (these can include Linux and Windows payloads, as well as custom Python malware), in order to accomplish everything from DDoS to cryptomining to espionage.

For instance, last year the operators made headlines with the "Simps" botnet, which was built for DDoS attacks on gaming targets. Another of its creations is the HybridMQ-keksec botnet, a Frankenstein-like effort created by combining and modifying the source code of Mirai and Gafgyt, just like EnemyBot.

Keksec is constantly adding to its arsenal, and "has the ability to update and add new capabilities to its arsenal of malware on a daily basis," the AT&T Labs researchers note. And indeed, with the new ability to compromise enterprise services and devices, EnemyBot could be poised to ramp up the volume of its attacks.

"In addition, the malware base source code can now be found online on GitHub, making it widely accessible," according to AT&T Labs, whose researchers also note that this won't be the only new EnemyBot variant to bubble up from Keksec's laboratory. "The developer of the GitHub page on EnemyBot self-describes as a 'full time malware dev,' that is also available for contract work."

That spells swelling attack volumes, researchers warn.

"Being available through GitHub means that many types of threat actors, from professional cybercriminals to amateurs, will be able to adapt EnemyBot into new and multiple variants," says Broomhead. "Without question, this is a red-lights-flashing warning sign for organizations to improve their discovery, threat assessment, and remediation capabilities."

EnemyBot Puts Enterprises in the Crosshairs With Raft of '1-Day' Bugs

Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.

Edge technology widens the attack surface by bringing data analysis closer to where it's collected. Now is the time for public and private sector groups to establish guidelines and identify security best-practices frameworks.

Source: NicoElNino via Alamy Stock Photo

The federal government's IT modernization efforts have focused on centralizing cloud computing technologies. As more agencies improve those capabilities, they're starting to think about how computing at the edge can improve their data-driven decisions.

However, as edge computing continues to grow given emerging technologies, such as 5G, there's one area being neglected: security. With edge computing, we're on the cusp of repeating the familiar mistake of not thinking through the security implications of new technologies.

Now is the time to change that. By identifying gaps and vulnerabilities that edge technology could create prior to its implementation, the public sector can ensure the edge isn't creating new security risks.

**Edge Security-Related Challenges**

Data is now the core foundation of any business. Yet managing the unprecedented growth of data in cloud-based operations has placed a massive strain on Internet communications, causing latency and inefficiency. Edge technology eliminates those latency and performance issues by bringing the data analysis closer to where it's collected — on mobile devices or sensors — so it can be processed more quickly.

With data being processed closer to the end user, there is an array of unrecognized security concerns that government agencies can address to securely implement this new technology.

As exciting as the possibilities associated with the edge can be, we know adversaries see opportunities to engage in pernicious or malevolent behavior with emerging technology. It's critical we recognize that edge technology widens the attack surface by generating and analyzing data outside of the traditional IT perimeter.

**Shift of Security Mindset**

This requires IT and security leaders to shift their mindset when it comes to securing edge technology. But with the security of edge computing not well-defined, federal agencies should ensure they consider the following steps when implementing edge technology.

*   **Clarifying roles and responsibilities.** Federal agencies need to work in coordination with technology vendors to determine the responsibilities for securing the edge. With an array of different agencies and vendors playing a role in edge technology, there's currently a lack of understanding around the role each party plays regarding security. To determine this, there needs to be a framework developed between the government and the technology community that offers best practices for how they can share the responsibility of securing edge technology to close unrecognized security gaps.

*   **Applicability and gap analysis of current security products and services**. Government organizations need to ask vendors how their products and services address edge-based computing security before implementing them. Questions should range from the security of edge-based products to how these products and services are monitored and remediated. Without an understanding of the security practices already implemented into edge technology, you can't ensure that proper protocols are in place to defend against unprotected areas. Being proactive is key.

*   **Best practices and standardized compliance frameworks.** Identify the best practices for edge computing technology and live by them. Start by working off existing standards and compliance-based frameworks. Then, align with certified organizations such as the Cloud Security Alliance (CSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Institute of Standards and Technology (NIST) to ensure the organization is best equipped to meet the security and compliance considerations for mission-critical information and national security systems.

**The Future of Edge Security**

Luckily, the future of the edge isn't dark. But the government needs a plan to address the inevitable security threat landscape. Both private and public sector organizations can help make this possible by drafting frameworks, identifying best practices, and coming together to share that intelligence. These are the steps necessary to create an industrywide method. Through combined support of private and public sector organizations — such as the CSA — government agencies can start to unpack and prepare for security challenges of the edge _before_ its implementation  

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Security at the Edge: Why It's Complicated

Stalwart consumer advocacy group says it intends to educate people about cybersecurity and how to choose the safest products.

Consumer Reports (CR) has announced it will expand its advocacy work to help people protect themselves from cyberattacks, thanks to a $5 million grant from Craig Newmark Philanthropies.

The new initiative will scale up its capacity to evaluate a range of cyber threats, including phishing, ransomware, and other malware, as well as how to protect online services and endpoints, such as Internet of Things (IoT) devices and mobile products, from compromise. The imperative to educate consumers on how to choose the most secure solutions is "urgent," the group said in its announcement. 

The new Consumer Reports cybersecurity initiative will include an experimental "nutritional label" to help shoppers understand various products' security and data-collection practices, in addition to free digital tools and the expansion of its existing Security Planner to include personal cybersecurity, the organization said. 

"Today, we know that consumers are increasingly vulnerable to cyber threats, and the tools to secure our data are often complicated, or they don’t even work," said Marta Tellado, DR president and CEO, in an announcement of the new effort to push consumer cybersecurity awareness. "This new initiative will help us educate people so they can better protect themselves, and stand up to demand that industry and government do better.”

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Consumer Reports Launches IoT Cybersecurity 'Nutrition Label'

Advice from women and nonbinary security leaders on creating well-rounded security teams, stronger CISO leadership, and a more resilient industry.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

10 No-BS Tips for Building a Diverse and Dynamic Security Team

**Woburn, MA – June 1, 2022 —** The new release of Kaspersky’s Threat Intelligence (TI) Portal unifies all vendors’ TI services, sources and cyber-reconnaissance capabilities in a single and convenient interface. The updated portal supports real-time search across various threat intelligence resources, including Kaspersky’s databases, Dark Web and Surface Web. New features include the visualization of cyber-investigations and extended opportunities for analysis of complex malicious objects.

Threat intelligence, which provides insights on the threat landscape and allows organizations to anticipate risks, has become one of the most evolving and in-demand specialties as confirmed by IT security leaders’ surveys and market predictions. However, the diverse set of TI capabilities and the variety of available sources and services have made it difficult for security specialists to assemble a unified threat intelligence solution which matches their needs.

The renewed Kaspersky Threat Intelligence Portal\[1\] is a single pane of glass for threat intelligence. In addition to cyberthreat data, it also delivers validated information from external sources and new features that facilitate incident investigation as well as detection and attribution of previously unseen malicious objects.

**Unified search across all threat intelligence resources**

Kaspersky TI Portal now supports search across different sources\[2\], all in a single UI, making access to valuable insights easily accessible. Through real-time master search customers are able to get information across Kaspersky’s databases, including APT, crimeware, ICS and Digital Footprint Intelligence reports and actor profiles as well as across Dark Web, Surface Web and validated OSINT IoCs sources\[3\].

New **Dark Web search** offers instant access to insights from a comprehensive range of deep and dark web sources allowing organizations to get tailored evidence of planned attacks, discussions around vulnerabilities and successful data breaches in order to reduce the attack surface, secure online brand value and take appropriate actions.

To offer security practitioners a reliable source of information about global security events that can potentially or are already threatening company’s assets, brand or organization, Kaspersky TI Portal introduces **Surface Web search**. The service allows investigators to search for security-related news, discussions or other content across a validated range of relevant open web sources, such as theme-based newswires, blogs or forums.

**Better visibility for in-depth investigation**

Graphical visualization is an extremely useful tool for researchers when they are looking for indicators and try to find connections between them. The **Research Graph** introduced in Kaspersky TI Portal is designed to explore data stored inside the portal, discover threat commonalities and generate new related IoCs. It provides a clear picture of the relationship between web addresses, domains, IP addresses, files and other context encountered during investigations. It also allows for an in-depth view of information without losing the context of the conducted investigation.

**Complex threat analysis**

Kaspersky TI Portal delivers a unified interface for complex file analysis via a merged “Threat Analysis” tab that leads to Cloud Sandbox and Threat Attribution Engine (TAE), which now runs completely in the cloud. The tab offers access to the results of Dynamic, Static, Anti-Virus and Attribution analysis for objects considered suspicious, offering enriched Threat Intelligence within a single place and providing a powerful tool for faster detection of previously unseen malicious objects.

_“We see that customers are looking for a consolidated threat intelligence offering that can_ _deliver_ _a holistic and global perspective on the threat landscape as well as fit their specific needs,”_ comments Anatoly Simonenko, head of technology solutions product management at Kaspersky. “_Our renewed Threat Intelligence Portal meets these requirements as it unifies our unique and broad knowledge about threats with external threat data and allows companies to customize our offering by choosing services and sources that are most beneficial for their existing IT security function.”_

More information about Kaspersky Threat Intelligence Portal is available via this link

**About Kaspersky  
**

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.

Enhanced Threat Intelligence Portal Provides Consolidated Access to Kaspersky Threat Intelligence Expertise

Industry-first report finds zero trust segmentation eliminates 5 cyber disasters per year and saves $20+ million annually.

**Sunnyvale, CA — June 1, 2022 —**  Illumio, Inc., the Zero Trust Segmentation company, today released The Zero Trust Impact Report, the industry’s first research on market perspectives of Zero Trust strategies and the business impact of Segmentation technology. Conducted by The Enterprise Strategy Group (ESG), which surveyed 1,000 IT and security professionals in eight countries, the report discovered that 47 percent of security leaders do not believe they will be breached despite increasingly sophisticated and frequent attacks, broad adoption of Zero Trust technologies, and the proven business and security impact of Zero Trust Segmentation, which isolates workloads and devices across the hybrid attack surface to stop breaches from spreading. Key findings include:

*   **Severity and Frequency of Attacks Are Still Rising:** In the past two years alone, more than three-quarters of organizations surveyed (76 percent) have been attacked by ransomware and two-thirds (66 percent) have experienced at least one software supply chain attack. More than half (52 percent) believe cyberattacks will result in catastrophic breaches.
*   **Zero Trust is Now the Standard:** 90 percent state that advancing Zero Trust strategies is one of their top three security priorities this year as a way to improve cyber resiliency and reduce the rising threat of attacks turning into disasters.
*   **Segmentation is a Critical Pillar of Every Zero Trust Strategy:** 75 percent of segmentation pioneers, those who are classified as advanced users, believe purpose-built segmentation tools are critical to Zero Trust and 81 percent say segmentation is an important technology to Zero Trust.
*   **Zero Trust Segmentation Has a Quantifiable Business Impact:** Organizations that have adopted Zero Trust Segmentation as part of their Zero Trust strategy save an average of $20.1 million in application downtime, avert 5 cyber disasters per year, and plan to accelerate 14 more digital and cloud transformation projects over the next year.

“Catastrophic breaches keep happening despite another year of record cybersecurity spending. Money will not make the problem go away until security leaders move beyond the legacy approach to only focus on detection and perimeter protection,” said PJ Kirner, Illumio co-founder and CTO. “I’m shocked that nearly half of those surveyed in The Zero Trust Impact Report do not think a breach is inevitable, which is the guiding principle for Zero Trust, but I am encouraged by the hard business returns Zero Trust and Segmentation deliver. Zero Trust Segmentation is emerging as a true market category that is transforming business operations and strengthening cyber resiliency.”

**Attacks Abound in a Hyperconnected World**

Hyperconnectivity created by digital transformation has expanded the attack surface and exposed organizations to risks never faced before. While respondents have significant concerns about many attack types, supply chain, zero-day, and ransomware attacks top the list.

*   Respondents say software supply chain attacks (48 percent), zero-day exploits (46 percent) and ransomware attacks (44 percent) are the three threats that keep them up at night.
*   More than one-third of respondents (36 percent) have been the victims of a successful ransomware attack over the past two years.
*   82 percent of respondents who were victims of a successful attack paid a ransom (42 percent paid ransom directly; 40 percent paid via cyber insurance) with the average ransom netting $495,000.

**Organizations Must Assume Breach and Adopt Zero Trust**

A Zero Trust approach, rooted in an assume breach mindset, is the modern strategy to reduce risk and increase cyber resiliency. 52 percent of security teams believe that their organization is ill-prepared to withstand the cyberattacks to come (22 percent say a breach would “definitely” result in business disaster; 30 percent say it “probably” would be a disaster), but Zero Trust adoption is rising fast:

*   Nine in ten (90 percent) report Zero Trust is one of their top three cybersecurity priorities, and 33 percent say Zero Trust is their top cybersecurity priority.
*   39 percent of all security spending over the next 12 months is earmarked to advance Zero Trust initiatives.
*   Segmentation pioneers are nearly twice as likely to be able to stop breaches from spreading than peers who do not fully utilize segmentation (81 percent vs. 45 percent).  
    

A whopping 96 percent of buyers prefer technologies with best-of-breed capabilities as opposed to broad platforms. 75 percent of segmentation pioneers believe purpose-built segmentation tools are critical to Zero Trust.

**You Cannot Achieve Zero Trust without Zero Trust Segmentation**

Zero Trust Segmentation is a modern approach to stop breaches from spreading across hybrid IT, from the cloud to the data center. Today, a vast majority of respondents consider Zero Trust Segmentation essential to any successful Zero Trust initiative (81 percent), and the report found that segmentation pioneers:

*   Are 2.7X more likely to have highly effective attack response processes.
*   Are 2.1X more likely to have avoided a critical outage during an attack over the last 24 months.
*   Save $20.1M in annual cost of downtime.
*   Are able to free up 39 person-hours per week.
*   Avert 5 cyber disasters annually.
*   Are accelerating digital transformation for competitive advantage with 14 more digital and cloud transformation projects planned over the next 12 months.

For more information, download a copy of The Zero Trust Impact Report.

**Research Methodology**

In February 2022, Illumio commissioned ESG to conduct a 1,000-person global study on the current state of Zero Trust strategies and the impact of segmentation. The findings incorporate sentiment from senior information security and IT professionals across North America, Europe, Asia Pacific, and Japan.

**About Illumio**  

Illumio, the Zero Trust Segmentation company, prevents breaches from spreading and turning into cyber disasters. Illumio protects critical applications and valuable digital assets with proven segmentation technology purpose-built for the Zero Trust security model. Illumio ransomware mitigation and segmentation solutions see risk, isolate attacks, and secure data across cloud-native apps, hybrid and multi-clouds, data centers, and endpoints, enabling the world’s leading organizations to strengthen their cyber resiliency and reduce risk.

Zero Trust Research Reveals Nearly Half of All Security Leaders Do Not Believe They Will Be Breached Despite Increasing Attacks and Adoption of Zero Trust Strategies

Source

DARKReading