Cybersecurity professionals discovered, analyzed, and created defenses against the ICS malware framework before it was deployed, but expect the stakes to keep rising.

The recent discovery of a malware framework — referred to as both Pipedream and Incontroller — targeting industrial control systems (ICS) highlights what can happens when everything goes right, ICS security professionals stressed at a panel discussion hosted by the Atlantic Council on April 22.

Unlike as in previous attacks, cybersecurity experts detected components of the malware, researching the attackers' techniques, and erected defenses against Pipedream, before it was even deployed. In its current state, the framework boasts capabilities that can scan for and communicate with some programmable logic controllers from Schneider Electric and Omron, as well as scan and profile unified communication servers based on the OPC Unified Architecture specification.

The expertise and capabilities encapsulated in the framework point to a nation-state actor as the source, making the coordinated investigation a significant win, and the best argument for the return on investment (ROI) of cybersecurity, says Danielle Jablanski, operational technology cybersecurity strategist at Nozomi Networks and a former consultant for the US Department of Defense.

"For terrorism, we can never talk about \[the successes\], because they are classified," she says. "But this is the best potential ROI that we have seen, because \[Pipedream\] did not actually become operational, and now we can learn from it."

On April 14, managed response firm Mandiant and ICS specialist Dragos released separate reports on the ICS framework, which they dubbed Incontroller and Pipedream, respectively. The cyber-espionage and attack framework is the seventh attacker tool set to specifically target industrial control systems, but the second to be disclosed in April. On April 12, cybersecurity firm ESET announced that the company had worked with a Ukrainian energy provider to mitigate an attack by Industroyer 2 the previous month.

While cybersecurity experts have been reticent to attribute the attacks to Russia, the links between their targeted and the current Russian invasion of Ukraine have suggested that the nation is the most likely sponsor. While the country might be hesitant to attack critical infrastructure, Russia has not had any qualms about supporting ransomware attacks, says Bryson Bort, CEO and founder of Scythe and a panelist.

"I don't think Russia will attack us directly \[targeting\] industrial control systems, because that is going to invite a military response, which they cannot afford — they have enough on their hands already," he says. "But I'm surprised that they have not amped up ransomware against our private industry."

The panel discussion featured a variety of government and industry experts who also serve as fellows in the Cyber Statecraft Initiative, which is part of the Atlantic Council's Scowcroft Center for Strategy and Security.

**For Attackers, ICS is a Shopping Mall  
**The concern over Pipedream is not because it contains exploits for zero-day vulnerabilities, but because the tool set is tailor-made to operate within common ICS environments. The analyses list three (Mandiant) to five (Dragos) components making up the attack framework, targeting Schneider Electric programmable logic controllers (PLCs), Omron PLCs, and unified communication servers using the Open Platform Communications (OPC) specification.

The attackers are not exploiting vulnerabilities in the products, but problems in the interoperation that leads to security issues, says Scythe's Bort.

"This is a vulnerability in the architectural ecosystem and design of the industrial control systems, period," he says. "Attacks like this show how flat the \[network\] architecture actually is, and that really is the true vulnerability in the design, and that is a generational problem — it is not the kind of thing that we can say, oh, we are going to patch that and fix it — we have to switch this equipment out over the next 10, 20, and 30 years."

Megan Samford, vice president and chief product security officer at Schneider Electric and a panel member, underscored that the problem was not a software vulnerability. Instead, the tool set focused on specific vendors because those vendors are likely in the targeted networks.

"If you could imagine a shopping mall being built, and you can see that there is a Schneider store and there is an Omron store, but there are probably 20 other stores that could be built out — that is really what this was," she says. "So our products were in the framework, not because of a weakness, but because of out global scale and our products operate and support critical infrastructure locally."

**Geopolitical Implications** Currently, there are seven known attacker frameworks that have targeted industrial control systems: Stuxnet, Havex, Black Energy 2, Industroyer/CrashOverride, HatMan/Triton/Trisys, Industroyer 2, and Pipedream/Incontroller. While Stuxnet has been attributed to a joint US-Israeli effort, all six of the other frameworks have been linked, to varying degrees, to Russian efforts.

"What we now know for sure is that our adversaries have done their homework," Nozomi Networks' Jablanski says. "There are seven focused, technology-specific incidents that we have seen targeting the hardware and software that we talk about in OT and ICS ... but that does not capture the full range of actors that are looking at industrial operations."

In addition to the United States and Russia, China is know to have tools that target industrial control systems as well, the experts said.

Early Discovery of Pipedream Malware a Success Story for Industrial Security

New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

BUCHAREST, Romania and SANTA CLARA, Calif., April 21, 2022 -- Bitdefender, a global cybersecurity leader, today announced new enhancements to its Bitdefender Premium Virtual Private Network (VPN) Service designed to bolster privacy, identity protection and security for consumers. New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private web browsing from anywhere in the world using a computer or mobile device. It is simple to set up and comes with an intuitive interface for any level user.

Cybersecurity and data privacy are converging as consumers grow increasingly concerned about who has access to their personally identifiable information, as well as data collected about their online activities and how that data is sold, traded and used. Even when consumers use so-called "Private Browsing" or "Incognito" modes on major web browsers, internet service providers (ISPs), wireless hotspots and websites often still collect information about their browsing history and online behavior.

Data tracking, spyware and other malicious threats are still a reality on open public Wi-Fi networks. According to Firefox telemetry, about 80 percent of web traffic globally is encrypted. Additionally, a study found that about six percent of the top 10,000 websites secured by HTTPS had TLS protocol security flaws.

Recent Bitdefender research revealed that most consumers are highly exposed to risk, with the majority (61 percent) not using VPN services and anti-trackers, ad blockers (44 percent) or privacy software of any type (64 percent) on the personal devices they use most for online activities.

"It has become increasingly difficult for consumers to maintain privacy and keep their data secure as they conduct their digital lives online," said Ciprian Istrate, vice president, Bitdefender Consumer Solutions. "We incorporated ad blocking and anti-tracking capabilities to Bitdefender Premium VPN to deliver both solid protection and anonymity as users enjoy favorite online activities without concern their online behaviors are being tracked or personal data collected and sold either legally or illegally."

**Bitdefender Premium VPN Key Features**

*   **Powerful Encryption for All Web Traffic** \-- Securely encrypt all incoming and outgoing web traffic for Windows, Mac, Android and iOS devices leveraging over 4,000 Bitdefender VPN servers across 49 countries. Keep online identities and activities safe from hackers, ISPs and others for safe online streaming and downloads, with no traffic logs.
*   **Built-In Ad Blocker for Better Browsing Experience** \-- Native ad blocker module removes ads, banners, pop-ups and video ads from websites for a better browsing experience. Blocking intrusive ads reduces the risk of adware and malware, and helps users save bandwidth while reclaiming the entire screen for relevant content only.
*   **Prevent Online Profiling With Anti-Tracker --** Block advertisers, websites and other third-parties from collecting data such as device type, location, web queries, shopping preferences and more. Preventing the collection of such data not only protects consumer privacy, it can speed performance of users' devices.
*   **Achieve System-Wide Protection --** As opposed to web browser extensions that only offer privacy within that browser, Bitdefender VPN Premium blocks disrupting ads and tracking modules across the user's entire device without slowing down systems or leaving gaps in defense.
*   **Whitelist Trusted Websites --** Easily make exceptions to ad blocking and anti-tracking features as desired, by adding the URLs of specific, trusted domains to a whitelist. This enables VPN users to ensure secure, encrypted browsing while accessing websites that might otherwise not load properly when tracking codes are blocked.

**Availability**

Bitdefender Premium VPN is available for Windows, macOS, Android and iOS devices. New ad blocker, anti-tracker and whitelist capabilities are now available to all users, including free and trial customers. For more information or to purchase Bitdefender Premium VPN visit https://www.bitdefender.com/solutions/vpn.html.

**About Bitdefender**

Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world's most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience. For more information, visit https://www.bitdefender.com.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

New integrations enable Contrast capabilities to be delivered to Red Hat OpenShift users.

LOS ALTOS, Calif., April 22, 2022 /PRNewswire/ -- Contrast Security (Contrast), the leader in code security that empowers developers to secure-as-they code, today announced the introduction of cloud-native automation for users leveraging Red Hat OpenShift, the industry's leading enterprise Kubernetes platform. Red Hat OpenShift users can now deploy containerized applications with embedded security features within a native continuous integration and continuous delivery (CI/CD) pipelines. This enables Red Hat OpenShift users to retain scalability, while adding automated security testing and protection as a routine part of the software delivery process. These added capabilities result in minimized manual configuration, reduction in additional overhead costs, and overall security efficiencies.

Contrast enables customers to continuously monitor OpenShift applications at runtime to deliver the most actionable results without requiring AppSec teams to waste hundreds of hours validating results and causing delays for developers.

"Unfortunately many organizations lack the means to implement scalable security gates within their CI/CD pipelines, which translates to insecure code being shipped across distributed cloud environments. Contrast helps these teams drive their DevSecOps transformation with automation at scale," said Sanjay Ramnath, Vice President of Product Management at Contrast Security. "These new capabilities are another component to Contrast's overall mission of ensuring developers are empowered to embed security capabilities within their environments without imposing additional work on them. We want to make security a value-add for everyone."

Contrast enables Red Hat OpenShift users to benefit from the following capabilities:

*   **Source-to-Image Deployment**: Cloud developers can embed Contrast's Assess and Protect agents into their source code image to implement continuous vulnerability detection with runtime context and help protect their apps from targeted attacks in production.
*   **CI/CD Jenkins Pipelines**: AppSec teams can trigger automated security tests within native Jenkins pipelines and establish security policy gates to mitigate potential vulnerabilities. Alternatively, users can also automate in their Jenkins CI/CD pipelines by pulling the agent from Contrast.
*   **OpenShift Pipelines via Tekton**: Contrast provides OpenShift users with automated tasks that can be used to create repeatable pipeline templates within OpenShift Pipelines environments. APIs provided by the Contrast Secure Code Platform help initiate automated vulnerability static scanning at build time and instrument applications for security telemetry from within prior to deployment.

The Contrast Secure Code Platform is available today with support for Java, .NET, and Node.js applications. For more information about Contrast Platform offerings, visit www.contrastsecurity.com/integration.

**About Contrast Security:**

Contrast Security secures the code that global business relies on. It is the industry's most modern and comprehensive Code Security Platform, removing security roadblock inefficiencies and empowering enterprise developers to write and release secure application code faster. Embedding code analysis and attack prevention directly into software with instrumentation, the Contrast platform automatically detects vulnerabilities while developers write code, eliminates false positives, and provides context-specific how-to-fix guidance for easy and fast vulnerability remediation. Doing so enables application and development teams to collaborate more effectively and to innovate faster while accelerating digital transformation initiatives. This is why a growing number of the world's largest private and public sector organizations rely on Contrast to secure their applications in development and extend protection to cloud and on-premise applications in production.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Contrast Security Introduces Cloud-Native Automation

New capabilities enable improved OT and IoT asset visibility along with data-powered threat detection and cost-effective deployments at scale.

**MIAMI - S4x22 Conference - April 19, 2022** – Forescout Technologies, the leader in cybersecurity automation, today announced that it has enhanced the operational technology (OT) and IoT capabilities for its newly released Forescout Continuum Platform, the industry’s first automated cybersecurity platform that continuously manages the risk posture of cyber assets and delivers enhanced threat detection and response for operational continuity.

The cyber and operational risks and threats affecting OT organizations are multiplying, calling for cybersecurity solutions that scale across an organization’s entire infrastructure and distributed locations. Organizations with OT and industrial control system (ICS) networks are also facing a cybersecurity skills gap and resource shortage, making it increasingly difficult to keep up with the evolving threat landscape. To address these issues for industrial enterprises, Forescout added new capabilities to provide broader visibility and threat detection for OT and IoT devices with an enhanced user experience, increased scalability and performance, and flexible deployment options to help automate workflows and enable a more effective platform operation and cost-effective deployments at scale.

“Forescout Continuum Platform is unique in its ability to automate cybersecurity workflows for both data collection and incident response, effectively collaborating with the other security tools for an effective collective defense,” said Daniel Trivellato, Vice President of OT, Forescout. “The new release allows organizations to quickly and easily gather and analyze the information they need, while reducing the learning curve and helping them prioritize and automate response across their OT networks. These enhancements also improve operational and cost effectiveness of large-scale enterprise deployments, which is highly valued by individual customers that have deployed our OT solution to a thousand distinct locations.”

The new capabilities and benefits include:

*   **Enhanced user experience:** A streamlined UI developed based on customer feedback for more efficient workflows, including at-a-glance insights into the trends and risks of all OT networks; a scalable asset page for effective analysis of risks, vulnerabilities and communications; and a new alerts page to better prioritize threat mitigation.
*   **Effective deployment at scale**: New sensor templates and centralized sensor configuration for faster deployment at hundreds of sites; ability to monitor up to 10 Gbps for centralized deployment models; support for DHCP networks and devices.
*   **Expanded visibility and detection:** Further expansion of our broad protocol coverage of 250+ IT, OT and IoT protocols so customers can identify and assess more assets and vendors; extended coverage to 30 active queries to identify common OT, IoT and IT devices; an extensibility framework for active queries and asset classification to expand built-in visibility and asset roles at run-time for more accurate classification.
*   **Flexible Deployment Options**: All passive and active sensors are deployed as containers by default, to allow deployment on almost any appliance; support for smaller, low-cost hardware for decentralization or segmented networks; support for deployment on 3rd party network infrastructure hardware; ability to deploy the Command Center in private AWS and Azure instances.

Forescout excels in ICS asset visibility according to the Forrester Wave™: Industrial Control Systems (ICS) Security Solutions, Q4 2021 and has “_the broadest ICS protocol support of the vendors evaluated. That protocol knowledge also helps Forescout deploy the leading asset discovery and identification capability in this evaluation according to multiple customers_”. The in-depth visibility of IT, IoT and OT networks and assets offered by Forescout Continuum is key to enabling effective, real-time management of a full range of operational and cyber risks, and Forescout is committed to continuously broaden these capabilities so industrial enterprises can operate securely without disruptions.

**About Forescout**

Forescout Technologies, Inc. delivers automated cybersecurity across the digital terrain, maintaining continuous alignment of customers’ security frameworks with their digital realities, including all asset types – IT, OT, IoT, IoMT. The Forescout Continuum Platform provides complete asset visibility, continuous compliance, network segmentation and a strong foundation for Zero Trust. For more than 20 years, Fortune 100 organizations and government agencies have trusted Forescout to provide automated cybersecurity at scale. Forescout arms customers with data-powered intelligence to accurately detect risks and quickly remediate cyberthreats without disruption of critical business assets. www.forescout.com

Forescout Enhances Continuum Platform With New OT Capabilities

Client-side web app security solution introduces features that give real-time visibility and control of the website attack surface, enabling businesses to stop PII theft and comply with data privacy regulations.

**SAN MATEO, Calif., April 19, 2022 —** PerimeterX, the leading provider of solutions that detect and stop the abuse of identity and account information on the web, today announced the availability of the Spring Release of PerimeterX Code Defender. It includes a rich set of capabilities designed to enable organizations to combat the growing threat of client-side supply chain attacks on websites and web apps.

Code Defender, named the 2021 SIIA CODiE Award winner for Best Security Solution, is a client-side web app security solution that provides comprehensive real-time visibility and control into a modern website’s supply chain attack surface, to identify vulnerabilities and anomalous behavior and proactively mitigate compliance risk.

“Client-side supply chain attacks have become one of the top types of cyberattacks, and can cause tremendous damage to a brand’s reputation and its ability to comply with growing data privacy regulations including GDPR and CCPA. Every business is dependent on website code from partners and the open source community to enrich their visitors’ experience. At the same time they are worried about the risk of supply chain attacks that can result from the use of a vulnerable component. Code Defender is the premier solution for identifying and proactively mitigating these risks,” said Omri Iluz, CEO and co-founder of PerimeterX.

The Spring Release of Code Defender includes:

*   Comprehensive client-side mitigation capabilities to control legitimate JavaScript at a granular level, enabling customers to block specific actions without blocking the entire script. This adds to existing CSP mitigation capabilities that allow performance or prevention of specific script actions.
*   Full visibility into client-side scripts running in a customer’s environment, including how scripts are interacting with the site, additional scripts they are interacting with and exposure details.
*   An actionable dashboard offering an at-a-glance overview to quickly identify the high-risk PII, PCI, and vulnerability incidents that response teams should prioritize.
*   Persona-based filtering so users can configure the dashboard based on what is interesting to each team, for example, focusing reports based on compliance or scripts from trusted and untrusted vendors.

According to Osterman Research, more than 99% of websites use third-party scripts to simplify common functions such as ad tracking, payments, customer reviews, chatbots, tag management, and social media integration, but only one in three websites have the capability to detect potential problems arising from vulnerabilities in this supply chain of code. More than 70% of a typical website can be comprised of third-party code. Malicious Shadow Code in first-, third- and nth-party scripts can modify page elements, insert fake checkout buttons or skim personally identifiable information from a website, including credit card numbers and passwords.

Code Defender continuously monitors and analyzes the behavior of all client-side scripts in real users’ browsers. The solution inventories and baselines known expected behavior, and then applies machine learning models to help identify new malicious, suspicious or anomalous behavior that warrants attention with appropriate severity rankings based on the level of perceived risk to a website. The solution runs 24/7/365 giving security operations teams real time visibility and control over all downstream client-side risks, freeing up application development teams to focus on innovation.

To learn more about the risks to your website, run the free Website Risk Analyzer which provides fast, easy-to-understand insight into the scripts running on your site and the potential security risks they represent.

For more about how your business can benefit from the new enhancements to Code Defender, contact us here or read the blog here.

**About PerimeterX**

PerimeterX is the leading provider of solutions that detect and stop the abuse of identity and account information on the web. Its cloud-native solutions detect risks to your web applications and proactively manage them, freeing you to focus on growth and innovation. The world’s largest and most reputable websites and mobile applications count on PerimeterX to safeguard their consumers’ digital experience while disrupting the lifecycle of web attacks. PerimeterX is headquartered in San Mateo, California, and at www.perimeterx.com.

PerimeterX Code Defender Extends Capability To Stop Supply Chain Attacks

Collaboration aimed at connecting talent and employers.

ELLICOTT CITY, Md., April 19, 2022 /PRNewswire/ -- The national network of cyber communities, CyberUSA, has partnered with Superus Careers in launching the Cyber Career Exchange platform, aimed at supporting national, regional, and state level communities to fill a growing gap in cybersecurity jobs. Cybersecurity talent gaps exist across the country with nearly 600,000 unfilled positions, according to

CyberSeek

, a data analysis and aggregation project supported by the National Initiative for Cybersecurity Education (NICE). Closing these gaps requires detailed knowledge of the cybersecurity workforce.

The Cyber Career Exchange is a specialized recruiting platform focused specifically on cybersecurity. The specialized methodology provides a system for employers to find potential employees based on job skills and education; job seekers and employers to certify job skills and education; for the upkeep and maintenance of career related skills for candidates; a methodology for finding & developing candidates; and (future development) partnership workflow for associations, schools or other organizations to deploy the 'Cyber Career Exchange'.

"I am proud of our advancements over the past 6 years in connecting cyber communities across the country. Starting with seven statewide cyber communities and growing thirty states to date has provided tremendous value in shaping the cybersecurity landscape at both the state and federal levels," said CyberUSA's Co-founder David Powell, "With growing threats and talent shortage more has to be done. The most immediate solutions to filling the open cyber jobs is to provide a system, hosted within trusted communities across the US, designed specifically to help employers and candidates easily find one another. The Cyber Career Exchange accomplishes that goal and more."

"Having worked within and recruited for Financial Services and Healthcare organizations, I understand the vulnerabilities, especially with a shortage that exists in the workforce," said Superus Careers CEO, Larry Silver. "I am excited for us to play our role in filling that void from an employment standpoint, which will have a positive impact on generations to come,"

**About CyberUSA.us**

CyberUSA (CyberUSA.us) is a collaboration of leaders and states focused on a common mission purpose of enabling innovation, education, workforce development, enhanced cyber readiness and resilience – all while connecting the cyber ecosystem of the United States and its Allies. This non-profit "community of communities" is governed by its advisors and members, established to enhance information sharing between individuals, organizations and states and improve cyber resilience at all levels of participation – local, regional and national. CyberUSA provides a communication framework, a national summit and cyber related resources to communities across the United States.

**About Superus Careers**

Superus Careers (SuperusCareers.com) places talented professionals with exceptional organizations across the country. We are redefining recruiting by leveraging cutting-edge technology and business intelligence to guide personal relationships. This high-tech, high-touch approach yields efficient, accurate matches that focus on total alignment, bringing talent and organizations together. Every candidate is technically qualified for the role, culturally aligned and ready to add value to the organization. Attention to detail and passion for results is what makes candidates and companies choose Superus Careers. When the right person is in the right role at the right company, everyone wins.

CyberUSA, and Superus Careers Launch Cyber Career Exchange Platform

Orlando, FL, April 19, 2022 — Fortress Information Security (Fortress), the leading supply chain cybersecurity provider for critical industries, today announced that it received a $125 million strategic investment from funds managed by the Private Equity business within Goldman Sachs Asset Management (Goldman Sachs). This new investment will support Fortress’s mission of securing U.S. critical industries from cybersecurity and operational threats emanating from their supply chains. Existing investors, including co-founders Peter Kassabov and Alex Santos, ClearSky, First Analysis, American Electric Power, Caron Capital, KMMT, and Moquin Capital, will continue to support Fortress as investors.

Fortress is transforming how critical industry operators and government agencies secure their supply chains in the face of increasing supply chain cybersecurity threats. Founded in 2015, the Fortress platform is a deep, fit-for-purpose solution that enables customers in critical industries to assess, manage, and address risks associated with vendors, assets, and software in their supply chains. Fortress enhances cybersecurity postures and compliance with relevant regulations. The Fortress solution was co-developed with leading electric utilities and has since grown into a consortium tool that includes five of North America’s ten largest investor-owned utilities. Fortress’s platform secures 40% of the U.S. power grid, substantial national defense-related assets, and critical manufacturing industries.

As critical industries increasingly face cybersecurity threats emanating from the supply chains that underlie them, federal government and private sector stakeholders have recognized that securing critical supply chains is a national security issue. In response, authorities such as the Cybersecurity and Infrastructure Security Agency (CISA) and the North American Electric Reliability Corporation (NERC) have released supply chain cybersecurity guidelines in the past year.

“Supply chain cybersecurity is one of the most important challenges facing business and government leaders today. Supply chains represent a source of significant threats to the national economy and our ability to maintain our way of life,” said Peter Kassabov, executive chairman and co-founder of Fortress. “We started Fortress because we recognized major supply chain vulnerabilities in our country’s most critical industries. Many recent high-profile breaches have spawned a new wave of regulatory action in the U.S. that will likely expand for the foreseeable future.”

“The Goldman Sachs investment validates the hard work of our employees and clients who have brought collaborative cybersecurity to life,” said Alex Santos, Fortress CEO and co-founder. “This growth capital infusion will empower us to accelerate the execution of our vision of resilient supply chains.”

“Fortress has established itself as a market leader in end-to-end supply chain cybersecurity solutions for U.S. critical industries and we look forward to scaling the company’s Asset-to-Vendor network, which provides significant value to critical infrastructure suppliers and customers,” said Will Chen, managing director within Goldman Sachs Asset Management. “The depth and breadth of the Fortress platform are unmatched and we believe there is a meaningful opportunity to accelerate the expansion of the platform into compelling product adjacencies, including software and hardware bill of materials, workflow orchestration, and additional analytics and reporting capabilities.”

Foley & Lardner LLP acted as legal advisor, and DBO Partners acted as financial advisor to Fortress. Goodwin Procter LLP acted as legal advisor, and Goldman Sachs & Co. LLC served as financial advisor to Goldman Sachs Asset Management.

Further terms of the transaction were not disclosed.

**About Fortress Information Security**

Fortress Information Security secures critical industries from cybersecurity and operational threats stemming from vendors, assets, and software in their supply chains. Fortress is the only end-to-end platform that connects intelligence surrounding vendors, information technology and operational technology assets, and software through a holistic, fit-for-purpose approach. Fortress has also partnered with its customers and suppliers to form the Asset-to-Vendor (A2V) network, which facilitates the secure and seamless exchange of asset information and security intelligence, enabling collaborative workflows to better understand and remediate potential issues. Fortress serves critical industries such as energy, government, aerospace & defense, critical manufacturing, industrial automation, automotive, and healthcare.

About Goldman Sachs Asset Management Private Equity

Bringing together traditional and alternative investments, Goldman Sachs Asset Management provides clients around the world with a dedicated partnership and focus on long-term performance. As the primary investing area within Goldman Sachs (NYSE: GS), we deliver investment and advisory services for the world’s leading institutions, financial advisors and individuals, drawing from our deeply connected global network and tailored expert insights, across every region and market—overseeing more than $2 trillion in assets under supervision worldwide as of December 31, 2021. Driven by a passion for our clients’ performance, we seek to build long-term relationships based on conviction, sustainable outcomes, and shared success over time. Goldman Sachs Asset Management invests in the full spectrum of alternatives, including private equity, growth equity, private credit, real estate and infrastructure. Established in 1986, the Private Equity business within Goldman Sachs Asset Management has invested over $75 billion since inception. We combine our global network of relationships, our unique insight across markets, industries and regions, and the worldwide resources of Goldman Sachs to build businesses and accelerate value creation across our portfolios. Follow us on LinkedIn.

_For more information, contact Adam Benson at \[email protected\] or 202.999.9104._

Fortress Information Security Receives  $125M Strategic Investment from Goldman Sachs Asset Management

Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020.

**PHILADELPHIA – APRIL 20, 2022 –** Comcast Business today published results from its 2021 Comcast Business DDoS Threat Report. The report provides an overview of the Distributed Denial of Service (DDoS) attack landscape, trends experienced by Comcast Business customers and insights for measuring and mitigating risks. The report found that mulit-vector DDoS attacks targeting Layers 3, 4, and 7 simultaneously represent a 47 percent increase from the record number set in 2020.

“DDoS attacks, when they occur, can be costly and difficult to defend. The risk of losing network, server and application availability is higher than ever,” said Shena Seneca Tharnish, Vice President, Cybersecurity Products, Comcast Business. “With threat actors constantly innovating, organizations must stay vigilant to help protect their infrastructure from bad actors determined to cause financial and reputational damage."

The report indicates that 2021 was another record year for DDoS attacks, as Comcast Business DDoS Mitigation Services successfully identified and helped defend 24,845 multi-vector attacks targeting Layers 3,4, and 7 simultaneously. Overall, 69 percent of Comcast Business customers experienced DDoS attacks, a 41 percent increase over 2020, while 55 percent were targets of mulit-vector attacks, as opposed to in 2020 where most customers experienced single vector attacks.

The data also shows that DDoS attackers were indiscriminate and persistent as no verticals were spared and everyone was fair game – from tow truck drivers to churches, government, utilities, IT companies, online gambling sites, and manufacturing operations. However, the healthcare and education sectors remain favorite targets.

Seventy-three percent of all multi-vector attacks targeted the education, finance, government and healthcare sectors, likely due to vulnerabilities brought on by the COVID-19 pandemic. Threat actors also used industry-specific seasonal trends and activities to guide attacks and maximize impact.

Attacks on education customers followed the cadence of a typical school year, starting strong in January before taking a significant dip over the summer when schools were out, while the financial sector experienced a 3X uptick in attacks during November and December compared to the rest of the year.

Other key findings from the 2021 Comcast Business DDoS Threat report include:

· Attacks on information technology customers grew steadily, ending the year at 10X the January numbers.

· 98 percent of all multi-vector attacks were under 5 Gbps, as bad actors often strike at low volumes to avoid detection, degrade site performance and map out network vulnerabilities for reconnaissance.

· 69 percent of all multi-vector attacks lasted under 10 minutes, as short duration attacks are harder to detect and give IT organizations less time to respond, quickly overwhelming defenses.

· The number of vectors deployed in a single multi-vector attack increased from five to 15, while the number of amplification protocols used in multi-vector attacks increased from three to nine.

· 99 percent of customers experienced repeat attacks, while the largest and most severe attack was delivered at a rate of 242 Gbps.

The 2021 Comcast Business DDoS threat report focuses on multi-vector attacks that target Layers 3, 4, and 7 simultaneously. To download the report, please visit: https://business.comcast.com/community/browse-all/details/2021-comcast-business-ddos-threat-report

Comcast Business 2021 DDoS Threat Report:  DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise

From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe.

Since the onset of the pandemic, cyberattacks on schools and educational institutions have skyrocketed. In fact, K12 Security Information Exchange, a Virginia-based nonprofit that helps schools defend against cybersecurity risk, tracked more than 1,200 cybersecurity incidents since 2016 in US public school districts, consisting of ransomware attacks, grading system breaches, and child stalkers.

Students, teachers, and parents are increasingly reliant on technology to execute virtual learning. Tech plays a role in everything from personal student information to attendance and grading records. This sensitive data is more vulnerable to breaches, demanding that educational institutions get serious about bolstering their cybersecurity strategies.

Most public schools are exactly known for having robust budgets. While many educational institutions lack the funds for a full-scale cybersecurity plan or full-time IT staff, there are things that can be done to ensure that devices managed by schools are kept safe and secure. To protect a school, it's important to understand why and how cybercriminals target schools, and to train students and employees in best practices for ensuring that school-managed devices are used properly and securely.

**Why Do Attackers Target Schools?  
**Compared with the financial stakes of corporations and critical identification information housed within government agencies, it seems odd that a hacker would target public schools. But it turns out that there is more to be stolen than just lunch money.

The fact is that K-12 schools possess _loads_ of data, especially since schools turned to remote learning. In the last three years, schools handed out millions of digital devices and mobile hotspots to students and employees. These devices are used to access an increasingly large portfolio of online programs and apps for instruction. Without proper policies or device management systems in place, students have unfettered access to the Internet and the dangers within it. Not only are hackers finding their own way in, but user-initiated risk is also a concern. With increased entry points, hackers have myriad opportunities to uncover important data that helps facilitate identity theft. Personal information such as children's Social Security numbers is exposed through a cyberattack on a school, creating a very real problem for those too young to protect themselves.

It turns out that cybercriminals know about school funding problems too. Armed with the assumption that a K-12 school doesn't have the budget to implement and maintain a sophisticated cybersecurity system, hackers find themselves with a roster of easy targets. Not even higher education institutions are immune to cyberattacks. In fact, a university or college's high tuition costs are actually a motivator. In these cases, cybercriminals can take a university's website hostage in order to receive payments.

While educational institutions might offer the best in higher learning, the level of security systems put in place can vary. Without basic training, students and teachers are especially unaware of the tactics used by cybercriminals to obtain information.

Additionally, the sustained use of legacy infrastructure combined with the use of unprotected personal devices can also make an institution more susceptible to bugs and data breaches.

**Common Ways Schools Are Being Targeted  
**Douglas Levin, national director at K12 Information Exchange, found in his research that schools are typically targeted in four major ways.

First, through ransomware. This malicious software can publish or block access to data or a computer system until the victim meets the cybercriminal's demands. Second, victims experience denial-of-service (DoS) attacks in which a cybercriminal interrupts services indefinitely and makes a network or device unavailable for use.

Third on the list is a classic DoS attack: zoombombing. This cyberattack in which an uninvited perpetrator hijacks a Zoom meeting occurred frequently during the pandemic, and became a disruption to learning. It's a concrete example of how modern education needs to evolve to achieve modern security, and a simple fix such as requiring a password to enter a Zoom meeting can help combat such disruptions. Finally, schools are often victims of phishing cyberattacks, in which the cybercriminal has the ability to steal user data like logins, personal addresses, and grading information.

**How Schools Can Protect Themselves  
**School IT teams can bolster cybersecurity with these steps:

*   **Increase cybersecurity awareness** through regular cybersecurity training and awareness campaigns. As students, parents, administrators, and teachers all face different cyber threats, it's essential that these training sessions are relevant to everyone in the system who has access to the school's network and devices.
*   **Practice good security hygiene** for devices. This includes updating software to the most current edition, backing up files, deleting redundant files, and uninstalling unwanted applications. Beyond the device, ensure websites are password protected, infrastructure is locked down, and default passwords are updated.
*   **Do regular checkups on your inventory of assets.** Compare and contrast how your current systems stack up against recommended cyber frameworks, keep a watchful eye on your inventory of assets, and invest in extra protections for legacy systems that are unable to be updated.
*   **Inspect network traffic and Internet use.** Don't allow users with school-issued devices to have free rein of the Internet. Restrict access to illegal or potentially malicious sites that don't meet safe Internet standards. Help your institution zero in on cybersecurity pain points to prioritize spending efforts when the budget is limited.
*   **Prevent unauthorized devices from operating on your networks**. This is best done by restricting administrative access and applying endpoint protection to all school-provided devices. Only IT departments should have administrative capabilities.
*   **Make your cyber policy easily accessible.** Ensure that all faculty, students, and parents are aware of the existing cyber policy, and where they can easily access it to reference. Provide security training sessions to help everyone understand the cyber policy details.

It's clear that educational institutions are at a higher risk for cyberattacks due to a lack of training and resources dedicated to cybersecurity. But savvy schools can keep their students and employees safer by understanding how attackers target schools, spreading cybersecurity awareness, and taking additional proactive steps to safeguard devices and systems.

Creating Cyberattack Resilience in Modern Education Environments

Ransomware and other financially motivated threat actors joined nation-state-backed groups in leveraging unpatched flaws in attack campaigns, new data shows.

Threat actors exploited more zero-day vulnerabilities in 2021 than any prior year and mostly in software from Microsoft, Google, and Apple.

State-backed advanced persistent threat actors remained the most prolific users of these exploits as has always been the case to date. However, they were not the only ones: financially motivated groups — particularly ransomware operators — sharply ramped up their use of zero-days and accounted for one in three of attackers exploiting these vulnerabilities.

Two separate advisories this week — one from Mandiant and the other from Google's Project Zero security team — identified a big jump last year in software flaws that threat actors exploited before a patch became available. Mandiant counted a total of 80 such flaws in 2021, while Google identified 58 zero-days that were exploited in the wild before being patched.

By Mandiant's count, the 80 zero-day exploits in 2021 represented a 167% increase over the 30 it logged in 2020, and it more than doubled the previous highest number of 32 in 2019. The 58 zero-day exploits that Google counted represented more than double the 25 that company observed in 2020. It was also more than double Google's highest-ever total of 28 zero-days back in 2015.

Vulnerabilities in Microsoft, Google, and Apple accounted for 75% of the zero-days that threat actors exploited last year — a number likely tied to the broad use and popularity of technologies from these three vendors, Mandiant said. A spreadsheet of zero-day flaws that Google has maintained since 2014 shows that 16 of the 58 zero-day exploits the company observed last year were in its own technologies; 21 involved Microsoft products; and 13 were in Apple products. The remaining vulnerabilities involved products from a total of nine other vendors including Qualcomm, Trend Micro, Sonic Wall, Accellion (now Kiteworks), and Pulse Secure, Mandiant said.

    

Source: Mandiant

The data underscores how organizations cannot ignore the potential for threat actors to hunt for and exploit zero-days in less widely used technologies, says James Sadowski, principal analyst at Mandiant.

"While popular vendors remain popular targets for zero-day exploitation, we've gradually seen expansion of both technologies and vendors targeted by zero-day exploitation outside of main vendors," he says.

"Like we observed in the exploitation of Accellion FTA, threat actors can exploit vulnerabilities in these systems and cause significant damage," Sadowski says, referring to a zero-day flaw in a near obsolete Accellion product that led to breaches at multiple large companies.

**Many Reasons Why**  
Mandiant identified multiple potential reasons for the explosion in threat actor use of zero-day exploits last year. The company perceived the increased enterprise adoption of cloud, mobile, and IoT technologies as increasing the volume of software that organizations are using and therefore resulting in the discovery of more bugs. The increase in the number of so-called exploit brokers trading in zero-day vulnerabilities has also been a factor, as have increased investments in research and development by zero-day exploits threat groups. Google, meanwhile, attributed the surge to improved detection and disclosure of zero-day bugs — a factor that Mandiant too said was likely at play.

The security vendor's analysis showed that state-sponsored groups — especially those from China — continue to dominate zero-day exploit use. But there was a noticeable increase in the number of ransomware and other financially motivated threat groups leveraging zero-days in their attacks.

Sadowski says these threat actors are likely acquiring zero-day exploits via underground exploit brokers and criminal service providers. Or they could be recruiting the requisite talent in-house to research vulnerabilities and develop zero-day exploits, as appeared to be the case with the Conti ransomware group — leaked Conti chat files showed the threat actors discussing recently disclosed vulnerabilities and assigning members to build a scanner to identify potentially vulnerable systems.

"As ransomware groups collect increasingly large sums from their operations, we have observed them more frequently employ zero-day exploits in their operations," Sadowski says. Generally, though, it is extremely difficult to identify where a threat actor might have acquired a zero-day exploit, he says.

Bud Broomhead, CEO at Viakoo, says the increased use of zero-day exploits shows that threat actors are shifting their attack vectors away from vulnerabilities that traditional threat assessment and detection solutions would uncover. "That's why not just zero-day threats, but also exploiting IoT vulnerabilities and leveraging open source software, are rapidly growing enterprise threats," he says. The challenge for organizations is figuring out how to limit damage from a successful zero-day breach and figuring out how to protect against exploits targeting new attack vectors.

The growing use of zero-days highlights the need for organizations to have rapid, out-of-band patching capabilities, says John Bambenek, principal threat hunter at Netenrich.

"Organizations need to remain flexible and agile getting these into production," he says. "Remove as many barriers as possible to patching, including streamlining testing and change management."

Source

DARKReading