PRESS RELEASE

TEMPE, Ariz. and PRAGUE, Nov. 21, 2024 /PRNewswire/ -- Norton, a leading Cyber Safety brand of Gen™ (NASDAQ: GEN), has launched the new Norton Small Business Premium, an all-in-one, easy-to-use cybersecurity plan specifically designed for entrepreneurs and small businesses. In addition to powerful device security, Norton Small Business Premium features 24/7 Business Tech Support, Financial Monitoring, Social Media Monitoring and more.

"More than half (56%)\* of small business owners report that cybersecurity threats impact their business. Unfortunately, not enough of these entrepreneurs and small businesses have cybersecurity in place, often due to their cost and complexity," said Leena Elias, Chief Product Officer at Gen. "Norton Small Business Premium not only takes the work out of securing your business, we also help when other IT issues crop up."

Cybersecurity is crucial for businesses to protect their sensitive data, networks, and digital assets from cyberthreats that can lead to unauthorized access to company networks, data breaches, financial losses, and reputation damage. To help protect businesses where they need it most, Norton Small Business Premium includes features such as:

*   24/7 Business Tech Support: Subscriptions include access to Norton experts five time as year. These experts are available 24/7 for remote IT support on your devices, network, and software.
    
*   Financial Monitoring: Get alerts so you can act quickly if we detect suspicious transactions on your company's bank accounts.   
    
*   Social Media Monitoring: Prevent your business social media profiles from being taken over by regularly monitoring for suspicious activities on your accounts. 
    
*   Device Security: Real-time antivirus helps protect your devices, and our firewall\* helps block cybercriminals from accessing your network.
    
*   Secure VPN: Work online and access websites more safely at home or on the go with bank-grade VPN encryption.
    
*   Additional features include Password Manager, Cloud Backup, performance enhancements and more.
    

Norton Small Business Premium doesn't require an IT specialist or cybersecurity knowledge to use. It's easy to install and runs seamlessly in the background on Windows, Mac, Android, and iOS, allowing you to focus on your business without slowing down operations. 

Norton recommends 10 tips for small business Cyber Safety: 

1.  Learn to spot signs of phishing and teach your employees
    
2.  Only click links or download attachments from known sources
    
3.  Avoid sharing personal information or private company data over email
    
4.  Always keep your operating system, applications, and drivers up-to-date
    
5.  Make sure your WiFi network is protected with a strong password
    
6.  Regularly back up your data
    
7.  Require employees to use a VPN when doing company work on a public WiFi network (think airports and coffee shops)
    
8.  Always use multi-factor-authentication for an extra layer of protection
    
9.  Don't neglect mobile devices – make sure they are password protected and use security software
    
10.  Invest in a cybersecurity solution such as Norton Small Business Premium
    

Norton Small Business Premium is available now with prices starting at $299.99/year with options for 6, 10 or 20-device plans. For more information, please visit norton.com/products/small-business.

About Norton   
Norton is a leading Cyber Safety brand of Gen™ (NASDAQ: GEN), a global company dedicated to powering Digital Freedom through its family of trusted consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender and CCleaner. Gen empowers people to live their digital lives safely, privately, and confidently today and for generations to come. Gen brings award-winning products and services in cybersecurity, online privacy and identity protection to more than 500 million users in more than 150 countries. Learn more at Norton.com and GenDigital.com.

You May Also Like

Norton Introduces Small Business Premium for Business-Grade Security

The ONNX infrastructure has been servicing criminal actors as far back as 2017.

Source: Eric D ricochet69 via Alamy Stock Photo

Microsoft seized 240 domains belonging to ONNX, a phishing-as-a-service platform that enabled its customers to target companies and individuals since 2017.

ONNX was the top adversary-in-the-middle (AitM) phishing service, according to Microsoft's "Digital Defense Report 2024," with a high volume of phishing messages during the first six months of this year. Millions of phishing emails targeted Microsoft 365 accounts each month, and Microsoft has apparently had enough.

ONNX promoted and sold phishing kits on Telegram using a subscription service model, which ranged from $150 to $550 a month.

"The fraudulent ONNX operation offered phishing kits designed to target a variety of companies across the technology sector, including Google, Dropbox, Rackspace, and Microsoft," Microsoft said in its statement.

The attacks themselves are controlled through Telegram bots and come with built-in, two-factor authentication (2FA) bypass mechanisms. As of late, QR code phishing, also known as quishing, has also been enabled, targeting financial firms' employees. ONNX uses bulletproof hosting services that allow delays in phishing domain takedowns, as well as encrypted JavaScript code that decrypts itself, all of which allows them to be highly effective in carrying out attacks and evading detection.

"While today's legal action will substantially hamper the fraudulent ONNX's operations, other providers will fill the void, and we expect threat actors will adapt their techniques in response," stated Steven Masada, assistant general counsel at Microsoft's Digital Crimes Unit. "However, taking action sends a strong message to those who choose to replicate our services to harm users online: we will proactively pursue remedies to protect our services and our customers and are continuously improving our technical and legal strategies to have greater impact."

A full list of the 240 domains that were seized is available online.

**About the Author**

Microsoft Takes Action Against Phishing-as-a-Service Platform

PRESS RELEASE

New York City, NY. November 21, 2024 – Apono, the leader in privileged access for the cloud, today announced an update to the Apono Cloud Access Platform that enables users to automatically discover and revoke standing access to resources across their cloud environments. Users can then create guardrails for sensitive resources, allowing Apono to process and assess access requests, and quickly provide Just-in-Time, Just-Enough access to users when needed. Today’s update will be available across all three major cloud service providers, with AWS being the first to launch, followed by Azure and Google Cloud Platform. 

“Today’s update enriches the Apono Cloud Access Platform’s unique combination of automated discovery, assessment, management, and enforcement capabilities,” said Rom Carmel, CEO and Co-founder of Apono. “With deep visibility across the cloud, seamless permission revocation, and automated Just-in-time, Just-Enough Access, we eliminate one of the largest risks organizations face while ensuring development teams can innovate rapidly with seamless access within secure guardrails. This powerful combination is essential for modern businesses, unlocking a new level of security and productivity for our customers.” 

Standing access within the cloud has long been a prime target for cybercriminals, enabling them to swiftly escalate both horizontally and vertically during a breach. However, security teams have lacked complete visibility over existing standing access, leaving critical vulnerabilities across the user base. Additionally, security teams have been reluctant to revoke existing standing access due to the risk of impacting users' day-to-day needs, which can ultimately lead to significantly hampering business operations across the organization.  

Today’s update allows users to overcome this challenge by enabling security teams to: 

Gain complete visibility over user permissions, identifying 100% of standing user entitlements in the cloud and where high-risk, standing privileges exist. 

Confidently and seamlessly remove 95% of standing entitlements without impacting business operations.  

Use critical insights on high-risk permissions to inform remediation plans, guide administrators in establishing access flows, and automatically grant Just-in-Time, Just-Enough access to cloud resources for only the required duration before access is revoked again. 

“Over-privileged access is one of the most significant risks to identity security that organizations face today, and it's made even more challenging to manage by expanding cloud environments. At the same time, to keep pace, organizations need to grant permissions dynamically to support day-to-day work. This creates a complex obstacle: how can an organization grant the necessary access for productivity while also enhancing its identity security?” said Simon Moffatt, Founder and Analyst, The Cyber Hut, “With this in mind, delivering Just-in-Time and Just-Enough Access across cloud services should be the goal of modern identity management. An approach to solve this will help companies significantly reduce their attack surface while ensuring a seamless access experience for their workforce.” 

Apono will provide in-person demonstrations of today's update and the complete Apono Cloud Access Platform at AWS re:Invent from December 2-6. Click here to learn more.  

For more information, visit the Apono website here: www.apono.io. 

You May Also Like

Apono Enhances Platform Enabling Permission Revocation and Automated Access

Starting in 2025, the RSAC Innovation Sandbox Top 10 Finalists will each receive a $5 million investment to drive cybersecurity innovation.

SAN FRANCISCO, Nov. 21, 2024 /PRNewswire/ -- RSA Conference™, the world's leading cybersecurity conferences and expositions, today announced that starting in April 2025, the Top 10 Finalists in the RSAC Innovation Sandbox (ISB) contest will receive financing to help them further accelerate innovation to fight the next generation of cybersecurity threats. The investment program will provide these startups with additional capital to deliver solutions that help organizations defend against the increasing volume and complexity of cybersecurity attacks.

The RSAC™ ISB contest, celebrating its 20th anniversary in 2025, has become the world's premier showcase for the cybersecurity startup community. Some of the most successful cybersecurity innovators have competed in the RSAC ISB contest in order to highlight their game-changing ideas that have disrupted the cybersecurity industry. The contest has grown to receive roughly 150 applicants annually, forming an important source of innovation and ideation that has been essential in addressing ever-changing cybersecurity challenges. More than 750 investors, cybersecurity leaders, entrepreneurs and members of the media join the packed audience to watch the ISB event live.

The RSAC ISB contest has become a preeminent platform within the cybersecurity community, providing increased visibility and awareness to the Top 10 Finalists each year. Since the RSAC ISB contest's inception, companies named as Top 10 Finalists have collectively raised over $16.4 billion\* in investments and been involved in over 90 merger and acquisition transactions. Each year, a panel of independent judges selects the Top 10 Finalists after reviewing the applicants' submissions. At RSA Conference in San Francisco, each Top 10 Finalist presents an overview of their business, and a winner is selected by an independent panel of judges drawn from the cybersecurity community. Starting in 2025, the Top 10 Finalists will each receive a $5 million uncapped Simple Agreement for Future Equity (SAFE) investment, provided by affiliates of Crosspoint Capital Partners.

"Attackers are constantly adapting and changing their tradecraft. Continuous innovation from cybersecurity startups is essential to global cyber defense," said Dr. Hugh Thompson, Executive Chairman and long-serving program chair of RSA Conference, and Managing Partner of Crosspoint Capital Partners. "Historically, the RSAC Innovation Sandbox competition has anointed winners in cybersecurity long before they became winners in the marketplace. We are excited to introduce simplified, founder-friendly financing for the companies selected by the independent and neutral process of the RSAC Innovation Sandbox to further fuel cybersecurity innovation."

For many industry-leading cybersecurity companies, the ISB platform has been an important part of their journey. "When Wiz participated in the RSAC Innovation Sandbox contest in 2021, we were a young company in an emerging cybersecurity category," said Anthony Belfiore, Chief Security and Strategy Officer of Wiz. "The exposure that we received from the ISB platform and RSA Conference helped us attract more customers earlier in our journey. This was extremely helpful for us. This new investment program is a game-changer."

The investment program is delivered as an uncapped SAFE, which provides an immediate capital infusion while maintaining future fundraising flexibility. "Post Series A investment, subsequent rounds have trended to be larger with multiple investors. A valued security investor like Crosspoint Capital with the deep operational experience of their founding partners would be welcomed into the cap table," said Theresia Gouw, co-founding partner, Acrew Capital.

In addition to the investment capital, RSAC is also developing a new forum, the RSAC Founders Circle, to provide past and present ISB Top 10 Finalists with additional exposure, coaching, mentorship, and connections with the CISO community. This initiative will also serve as a powerful alumni network for these distinguished entrepreneurs. Multiple ISB finalists have gone on to become standalone public companies while others become attractive acquisitions for platform assets. These previous Top 10 Finalists include leading cybersecurity innovators such as: Wiz, Imperva, SentinelOne, Talon Cyber Security, Phantom Cyber, and Hidden Layer.

Additional details on the RSAC ISB submission process for qualifying candidates will be made available in January 2025.

RSAC's Commitment to the Cybersecurity Community

RSAC has a heritage of supporting important investments for the community through former and existing programs, including the RSAC Innovation Sandbox, RSAC Security Scholar, child online safety, College Day, community philanthropic activities during the Conference and Conference scholarships to underrepresented communities through its vast network of partners. A portion of the returns received from the investments made in the Top 10 Finalists will be used by RSAC to support the cybersecurity community.

\*Indicates latest numbers according to Crunchbase

Additional Quotes: 

Nasrin Rezai, SVP and Chief Information Security Officer, Verizon – RSAC Innovation Sandbox Judge

"CISOs like me who are constantly trying to sort through the barrage of new cybersecurity entrants are always looking for a signal on who to spend time with and which solutions to try," said Nasrin Rezai, SVP and Chief Information Security Officer, Verizon and returning ISB judge. "The rigorous process of picking these Top 10 Finalists creates a signal to the market of who to pay attention to."

Dean Sysman, Co-Founder and CEO, Axonius – RSAC 2019 Innovation Sandbox Winner 

"One of the best things you want to achieve as a startup in the cybersecurity world is to be a part of the RSAC Innovation Sandbox contest," said Dean Sysman, Co-Founder and CEO, Axonius. "RSA Conference is the most important place where cybersecurity business, ideas, and products get introduced, talked about, and reviewed. The recognition and validation that winning ISB provides coming from that esteemed judging panel was instrumental in people trusting that we would follow through in what we promised we would do for them. There is nothing to lose by applying. Winning it sets you apart in a very differentiated and unique way while pushing the industry to look at you in a new light."

Rehan Jalil, CEO, Securiti AI – RSAC 2020 Innovation Sandbox Winner

"Making it into the RSAC ISB Top 10 and then winning the contest sends a very strong signal to not only the venture capitalists but the industry at large. The panel of judges for the ISB competition is very diverse, and they each evaluate startups with a different lens, which ultimately helps you as a company be judged more holistically. Winning ISB put us on the map, boosting our brand and increasing customer engagement. Whether you raise money before the contest or after, you get community interest in potentially making a jump to the next stage once you make it into the Top 10," said Rehan Jalil, CEO of Securiti AI, RSAC 2020 Innovation Sandbox Winner.

Oliver Friedrichs, Founder and CEO, Pangea and Founder and CEO, Phantom Cyber – RSAC 2023 Innovation Sandbox Finalist and RSAC 2016 Innovation Sandbox Winner

"Being a Finalist puts you on the map and separates you from the pack," said Oliver Friedrichs, Founder and CEO of Pangea, RSA Conference 2023 Innovation Sandbox Finalist and Founder and CEO of Phantom Cyber, RSAC 2016 Innovation Sandbox Winner. "If you're a new, relatively unknown entity, it's a great way to launch your company on the big stage. The attention you get being a Top 10 Finalist attracts venture capitalists, strategic investors, and enterprise customers who are all trying to understand what these new companies are doing and how they can help me. This new investment program for the Top 10 Finalists is a testament to the quality and potential of these companies. This added funding provides an even greater long-term financial impact for these startups and further extends their runway." 

Dave Chen, co-head of Global Technology Investment Banking at Morgan Stanley – RSAC Innovation Sandbox Judge

"Several of the companies that have been selected to the ISB Top 10 have gone on to become juggernauts in cybersecurity. The Innovation Sandbox competition is where some of the biggest stories in cybersecurity begin," said Dave Chen, co-head of Global Technology Investment Banking at Morgan Stanley. "I'm honored to be a judge for the 2025 contest."

Ben Colman, Co-Founder and CEO, Reality Defender – RSAC 2024 Innovation Sandbox Winner 

"For over a year, we had board members, investors, and clients encourage us to apply to the Innovation Sandbox contest," said Ben Colman, Co-Founder and CEO of Reality Defender and winner of the RSA Conference 2024 Innovation Sandbox contest. "We applied with no expectations, made it to the Top 10, and quickly realized our fellow Finalists were almost all pure play cybersecurity companies — something we thought was our disadvantage as a cybersecurity company focused on AI, but ultimately proved to be why we won. Awarding future winners with an uncapped SAFE note now makes applying to RSAC Innovation Sandbox a truly game-changing proposition."

Paul Kocher, Independent Researcher, Investor and Marconi Prize winner – RSAC Innovation Sandbox Judge

"The Innovation Sandbox contest is a fantastic event and terrific driver for bringing new technology to market — and for entrepreneurs it's an opportunity to present to the ideal audience," said Paul Kocher, RSAC ISB Judge, Investor, Independent Researcher and Marconi Prize winner. "I've served as a judge for most of the contest's 20 years, and have seen first hand how it raises Finalists' profiles, helping start-ups build enthusiasm with customers, investors, and new hires. Although the strong field of applicants makes the selection process challenging, I appreciate the Conference and judges' commitment to ensuring the neutrality and independence of the evaluation and selection process."

About RSA Conference

RSA Conference™ is the premier series of global events and year-round learning for the cybersecurity community. RSAC is where the security industry converges to discuss current and future concerns and have access to the experts, unbiased content, and ideas that help enable individuals and companies advance their cybersecurity posture and build stronger and smarter teams. Both in-person and online, RSAC brings the cybersecurity industry together and empowers the collective "we" to stand against cyberthreats around the world. RSAC is the ultimate marketplace for the latest technologies and hands-on educational opportunities that help industry professionals discover how to make their companies more secure while showcasing the most enterprising, influential, and thought-provoking thinkers and leaders in cybersecurity today. For the most up-to-date news pertaining to the cybersecurity industry visit www.rsaconference.com. Where the world talks security.

RSA Conference 2025 Innovation Sandbox Contest Celebrates 20th Anniversary

PRESS RELEASE

SAN FRANCISCO, Nov. 21, 2024 /PRNewswire/ -- VISO TRUST, a leader in AI-powered third-party risk management (TPRM), today announced the closing of its latest funding round of $7M in additional funding, bringing the total raised to $24M, with participation from both existing investors, Bain Capital Ventures, Work-Bench, Sierra Ventures, and Lytical Ventures, and new investors, Allstate Strategic Ventures, Cisco Investments, EnvisionX Capital, and Scale Asia Ventures.

This funding will further VISO TRUST's mission to transform TPRM through an adaptive AI-driven platform, bringing enhanced security intelligence and seamless third-party risk management to enterprises worldwide.

Enhancing Third-Party Risk Management with Integrated Security Intelligence

VISO TRUST's AI-powered platform delivers real-time, evidence-based assessments by intelligently collecting, analyzing, and continuously monitoring artifacts from vendors. This approach removes friction for vendors, eliminates the manual analysis burden for TPRM professionals, and enables comprehensive, high-quality assessments. The platform analyzes control presence, testing methodologies, exceptions, Nth-party references, and more, allowing security teams to focus on strategic initiatives.

VISO TRUST's AI-driven automation platform has become the industry benchmark for third-party risk management for industry leaders like Upwork, Instacart, Notion, and Bain Capital. By leveraging intelligent automation, VISO TRUST reduces vendor assessment and onboarding time by up to 90%, cutting TPRM hours to mere minutes per vendor and enabling enterprises to achieve comprehensive risk management at scale. With rapid assessments completed in just 5-7 days and a remarkable 98% vendor adoption rate, the platform empowers organizations to make informed, proactive risk decisions.

Paul Valente, CEO of VISO TRUST, commented on the funding round:

"We're excited to assemble a set of complementary and deep tech investors to advance our mission of transforming third-party risk management. This funding will enable us to accelerate the innovation of our platform, creating a robust ecosystem that integrates security intelligence and aligns with today's complex business workflows."

An investment in Next-Generation Monitoring and Response

VISO TRUST is at the forefront of next-generation monitoring, aggregating and analyzing diverse sources of vendor intelligence, including breach advisories, Software Bill of Materials (SBOM), and SEC filings. The platform provides real-time insights, enabling teams to make data-driven decisions, respond swiftly to emerging threats, and maintain continuous compliance, offering a distinct advantage in managing evolving cyber risks across the cloud-first, AI-driven enterprise landscape. This funding round will allow VISO TRUST to scale its unique artifact-based platform, creating an adaptable AI governance framework focused on real risk reduction.

"VISO TRUST's platform reshapes governance, risk, and compliance, enabling organizations to streamline vendor risk assessments and manage evolving cyber risks with agility in an increasingly complex digital landscape leveraging AI," said Janey Hoe, vice president, Cisco Investments. "As part of Cisco's AI Fund, we are excited to help accelerate VISO TRUST's mission to enhance security intelligence and real-time monitoring capabilities for enterprises worldwide."

VISO TRUST continues to build a future in governance, risk, and compliance where AI not only strengthens security but empowers organizations to navigate the dynamic and high-stakes digital landscape with resilience and precision.

About VISO TRUST

VISO TRUST is an AI-driven third-party risk management platform transforming traditional vendor risk assessments through automation and acceleration. Our platform provides continuous monitoring, risk remediation, Nth-party intelligence, and seamless workflow integrations, serving a global customer base across sectors like financial services, healthcare, and technology. VISO TRUST helps organizations mitigate the risks of vendor relationships at scale.

For more information, visit www.visotrust.com or contact \[email protected\].

VISO TRUST Secures $24M to Accelerate Innovation in AI-Powered Third-Party Risk Management

Dazz's remediation engine will  boost risk management in Wiz's cloud security portfolio.

Source: John Williams RF via Alamy Stock Photo

Cloud security provider Wiz announced on Thursday that it has entered into a deal to acquire Dazz, a Israeli startup specializing in security remediation and risk management. 

The cash-and-share deal is worth $450 million, TechCrunch reported, and the acquisition beefs up Wiz’s product portfolio. Earlier this year Wiz launched Wiz Code, a cloud application security product to help security and development teams identify and fix cloud risks directly in code before they become critical issues.

“Everything we do is rooted in customer need. Wiz has always been driven by a desire to help organizations actually improve their security posture—not just by reporting risks, but by prioritizing and resolving issues where it matters most,” Wiz CEO and founder Assaf Rappaport wrote on the company’s blog post announcing the deal. 

With the addition of Dazz’s remediation engine, Wiz will now enable security teams to work with data from multiple sources and manage risk in a single platform. 

“In today’s world, organizations must connect risks across the entire application lifecycle—from code to cloud and on-prem infrastructure. They need tools that prioritize issues with precision and make collaboration effortless. Dazz delivers on this need, simplifying remediation and empowering teams to act quickly and decisively,” Rappaport wrote.

Earlier this year Wiz raised $1 billion for strategic acquisitions, and rejected a $23 billion acquisition offer from Google. 

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

Cloud Security Startup Wiz to Acquire Dazz in Risk Management Play

In a sign of the times, a backdoor malware whose ancestors date back to 2005 has morphed to target Linux systems.

Source: Imagebroker via Alamy Stock Photo

Two well-documented Chinese backdoors have recently been modified to operate on Linux systems.

The advanced persistent threat (APT) "Gelsemium" is a decade old now, and the new malware tied to the group, Wolfsbane and Firewood, can trace their lineage back to 2005. Throughout its history, Gelsemium has focused on information gathering from Windows systems. Now, it has adjusted its tooling to operate just as effectively in Linux environments.

This, experts say, is merely the latest manifestation of a long-brewing trend.

"The Linux malware landscape is certainly accelerating," says Jason Soroko, senior fellow at Sectigo. "The increase does make sense, as organizations have heavily adopted Linux for their back office server needs, both on premises and in the cloud. Adversaries are developing cross-platform malware to maximize their reach."

**The Wolfsbane & Firewood Backdoors**

The first public sample of the first new backdoor, dubbed Wolsbane, was uploaded to VirusTotal on March 6, 2023, from Taiwan, with later uploads coming from the Philippines and Singapore (historically, Gelsemium has targeted entities in the Middle East and East Asia).

Contextual evidence suggests that the malware's authors have been exploiting vulnerabilities in Java Web applications to access public-facing Apache Tomcat servers. And a deeper look inside reveals unmistakable overlaps with Gelsevirine, a Windows backdoor known to be used by Gelsemium. In essence, the Wolfsbane malware was a Linux port of Gelsevirine, featuring a modified Beurk Experimental Unix RootKit to hide its various malicious activities.

Alongside Wolfsbane, though not definitively attributable to Gelsemium, was a second Linux-ported backdoor, Firewood. An addition to its varied and typical backdoor capabilities, it possesses a kernel-level rootkit. 

Most interestingly, Firewood appears to be the latest evolution of "Project Wood," a phylum of a backdoor that traces back generations to a program first compiled in January 2005. The latest manifestation of Project Wood before Firewood, NSPX30, was reported earlier this year.

**What Explains the Surge in Linux Cyber Threats?**

Cyber threats rise across the board every year, but the particular rise in Linux-based threats stands out. 

Since at least 2020, vendors have tracked double- and triple-digit year-over-year increases in Linux attacks. In its annual "Global Threat Report," Elastic Security has regularly found that the Linux threat landscape vastly outpaces that of macOS, more closely resembling Windows in terms of sheer volume of attacks. In 2023, for example, it found that 54% of endpoint attacks affected Linux-based devices, compared with just 39% for Windows.

Over the past 12 months, around 32% of malware infections have targeted Linux, according to Jake King, Elastic's head of threat and security intelligence. "While steadily increasing, we are seeing greater volumes of attacks and, in some cases, with greater levels of sophistication. The XZ/Liblzma backdoor discovered by researchers earlier this year shows the desire of adversaries to compromise Linux hosts, likely for a variety of reasons, growing in sophistication to supply chain compromise," he says.

The rising threats to Linux may be attributable to an increasing adoption of Linux in enterprise environments, as Soroko alluded to, or the generally improving state of Windows security — the explanation ESET went with in its blog post — or an explanation even simpler.

"One of the reasons for growing observations can always be targeted to adversarial focus changing, but it is also likely that security tooling and telemetry for Linux hosts are improving at a pace whereby attacks are identified earlier, with a greater level of context," King suggests. For example, "A growing trend for threat observations this year was Impaired Defenses for Linux, showing that adversaries are specifically looking to bypass security tools native to Linux or disable third-party security tools. This is important, as it shows we're exposing many attacks that would have previously gone undetected years ago."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

Chinese APT Gelsemium Deploys 'Wolfsbane' Linux Variant

Four of the arrested individuals of the cybercriminal gang, known for hacking MGM and Caesars, are American, all of whom could face up to 27 years in prison for the charges against them.

Source: Gregg Vignal via Alamy Stock Photo

Today the Department of Justice (DoJ) unsealed criminal charges against five individuals who belong to the hacking group "Scattered Spider," which is the cybercriminal group known for recruiting young people and carrying out high-profile cyberattacks, including last year's offensives against MGM Resorts and Caesar's Palace in Las Vegas.

The defendants allegedly targeted employees of companies across the United States via phishing messages, using the harvested employee credentials to log in to systems and steal private company data, including intellectual property, and personal identifying information, such as account credentials, names, email addresses, and telephone numbers. The indictment also says the group gained unauthorized access to individuals' cryptocurrency accounts and wallets, and stole millions of dollars of virtual currency.

Four of the defendants are American, ranging from 20 to 25 years old; the eldest, Joel Martin Evans, aka "joeleoli," of Jacksonville, N.C., made his first appearance in court yesterday after being arrested the day before by the FBI. All four of them are charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft.

The fifth individual, Tyler Robert Buchanan, 22, is located in the United Kingdom and is facing charges of conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft.

"These individuals, and other actors that they have collaborated with, have caused so much pain and financial harm to organizations across North America through their disruptive intrusions," Charles Carmakal, Mandiant Consulting CTO at Google Cloud, wrote in an emailed statement to Dark Reading. "We hope this sends a message to the other actors they collaborate with that they aren't immune to consequences."

If convicted, each of the defendants would face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, up to five years for conspiracy, and two years for aggravated identity theft. Buchanan would face an additional 20 years for the wire fraud count.

Scattered Spider Cybercrime Members Face Prison Time

Consolidating endpoint management boosts cybersecurity while keeping an Oklahoma-based nonprofit focused on community mental health.

Source: Everything Possible via Alamy Stock Photo

At the center of community care, a lifeline for mental health is making a lasting impact — strengthened by technology that ensures security without compromising compassion.

Mental-health center Family and Children's Services (FCS), based in Tulsa, Oklahoma, has helped transform the lives of members of its local community with programs to support their well-being, including child abuse and trauma support, as well as counseling for families and those suffering from substance abuse and addiction. The organization is more than 100 years old, serves more than 150,000 people each year, and offers services in more than 50 schools. It also more than doubled its staff in recent years and now has 1,500 employees who provide a variety of services, many that have moved online since the start of the pandemic.

These changes created a challenge for FCS CIO Brent Harris, who was responsible for protecting a rapidly growing organization with a sprawling IT environment and a boom in the number of endpoints in use. At the beginning of the pandemic lockdown in 2020, FCS distributed approximately 2,000 iPads and other devices to clients so that clinicians could offer teletherapy and telemedicine services. That brought the total number of devices that needed to be managed to around 3,500.

FCS was willing to spend on its core mission — serving the community's mental health needs — so most of its headcount growth was in its clinical staff. But Harris still had to manage with the same number of IT staff to keep costs down. Automation was key to solving this challenge.

"We needed a way to automate, to buy back time instead of trying to solve problems with manpower," Harris says. "We try to solve problems with technology."

**Piloting an Endpoint Management Platform**

The IT staff needed visibility into which software packages were on each device and whether the devices were being patched properly. The legacy system in use didn't give Harris the confidence that his team had that insight.

"Devices were on the network that we didn't see, and software was on someone's device that shouldn't be there that we didn't pick up on," Harris says. "Most of the things we found we found manually."

When FCS deployed Tanium as part of a pilot, the endpoint management platform immediately found devices that the legacy system had missed, Harris says. A tragic incident in the community shortly after illustrated the importance of having endpoint management technology with an accurate view of the environment.

"There was an event in our community where there was an active shooter, not at Family and Children's Services, but at a healthcare facility that a lot of us were familiar with," Harris says. "A lot of people in our agency had worked there in the past or had friends there, and so it really hit near home."

FCS needed a reliable employee notification system to ensure that the healthcare provider was prepared if a similar situation were to unfold. FCS was looking for a guarantee that everyone would receive information — such as employee notifications and software updates — pushed out by the system onto their individual devices.

"We would push it out to 1,000 endpoints and then get a report that said 796 of them received it, and we would have to manually go try to figure out where there were gaps," Harris says. "Tanium is far better at doing that. And in this case, you know, it's really life or death. If that scenario were to ever occur, we need to make sure that 100% of the devices on the network have the agent installed and it's running."

A trial run is an essential part of evaluating which technologies to purchase and deploy because it can help illuminate how well the solution meets the organization's needs, Harris says.

"We were able to do a pilot, and we were pretty convinced within a matter of days and weeks, not months, that this tool was going to be a very important part of our technology stack going forward," he adds.

**About the Author**

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

How a Mental Health Nonprofit Secures Endpoints for Compassionate Care

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack.

Akhil Mittal, Senior Manager, Black Duck Software

November 21, 2024

6 Min Read

Source: Brain light via Alamy Stock Photo

COMMENTARY

Despite massive investments in cybersecurity, breaches are still on the rise, and attackers seem to evolve faster than defenses can keep up. The IBM "Cost of a Data Breach Report 2024" estimates the average global breach cost has reached a staggering $4.88 million. But the true damage goes beyond the financial — it's about how quickly your organization can recover and grow stronger. Focusing only on prevention is outdated. It's time to shift the mindset: Every breach is an opportunity to innovate. 

**Turning Breaches Into Opportunities**

Breaches are no longer theoretical. They're happening right now — AI-powered hacks, supply chain vulnerabilities, and social engineering make them inevitable. IBM's report shows that 83% of organizations faced multiple breaches last year. One retail client I worked with had the same mindset: focusing on prevention and detection alone. But after facing multiple breaches, the company flipped its approach — each breach became a learning opportunity. Instead of panic, the company built resilience.

**Strengthening Defenses After Each Breach**

Organizations need to shift from asking, "How do we stop breaches?" to "How do we get stronger from breaches?" Here are five strategies that I've seen make a significant impact: 

**1\. From Breach to Micro-Incident **

Not every breach needs to be a disaster. By treating breaches as micro-incidents, you can contain the damage and quickly move forward. With network segmentation and behavioral analytics, threats can be isolated and stopped from spreading. One financial client cut its recovery time by 50% by adopting self-isolating networks. When suspicious activity was detected, the network kicked into action, isolating the threat and stopping its spread. 

**2\. Stress Test Daily **

Running breach simulations once or twice a year is no longer enough. Leading organizations are stress-testing their defenses daily. This goes beyond testing — it's about actively rehearsing for real-world scenarios, ensuring your teams are battle-ready. Think of it like chaos engineering: You aren't just hoping for the best. You're deliberately looking for weaknesses so you can fix them before attackers find them. This approach helped another client find multiple weak points that were missed in its regular annual penetration tests. 

**3\. Minimize Human Intervention **

When a breach hits, speed is everything. Self-healing systems powered by AI automatically isolate compromised systems and begin repairs without the need for human intervention. One of my e-commerce clients cut its recovery time in half with self-healing technology. Its teams could stop putting out fires and focus on strategic long-term improvements. 

**4\. Adaptive Defense **

Every breach is an opportunity to learn and improve. One of the financial clients created a feedback loop that used AI-powered systems to analyze each breach. Machine learning models adapted defenses, spotting patterns in the attacks, adjusting firewall rules, and fine-tuning detection algorithms. Gartner predicts that by 2026, 30% of enterprises will automate more than half of their network activities, using AI to detect and respond to threats in minutes. 

**5\. Collective Defense **

No one fights cyber threats alone. A healthcare consortium I know began sharing real-time threat intelligence with other organizations. This collective defense approach helped it detect and stop attacks faster. Participating in networks like Information Sharing and Analysis Centers (ISACs) or using platforms like MITRE ATT&CK can boost defenses across industries by pooling insights and data. 

**Cybersecurity as a Competitive Advantage**

Resilience is the new competitive advantage. You can't prevent every breach, but how quickly you respond is what sets you apart. Accenture found that 87% of consumers trust companies that handle breaches with transparency and resilience. It's not the breach itself that builds trust, of course — it's how you respond. 

In industries like finance, healthcare, and technology, resilience not only helps you recover but also fosters customer loyalty. As cyber threats become more global, regulations like GDPR in Europe demand fast, transparent responses. In the Asia-Pacific region, rapid digital transformation is creating new attack surfaces. Wherever your business operates, resilience is key to success.

**Actionable Steps for CISOs**

Here's how chief information security officers (CISOs) can turn breaches into growth opportunities: 

*   Run continuous breach simulations: Make breach simulations part of your daily routine. Simulate phishing, ransomware, and supply chain attacks to identify vulnerabilities before real attackers exploit them. Leading companies, inspired by chaos engineering, run controlled breach tests every day, treating each one as an opportunity to fine-tune their incident response plans. 
    
*   Adopt self-healing systems: AI-powered self-healing systems minimize downtime by automatically detecting and isolating compromised systems, ensuring your business keeps running. With 24/7 monitoring tools, you can spot unusual behavior fast, allowing your teams to focus on strategic initiatives instead of reactive firefighting. 
    
*   Leverage AI-driven threat intelligence sharing: Join intelligence-sharing networks like ISACs to collaborate with peers. Real-time threat data allows organizations to stay ahead of emerging threats. Platforms like MITRE ATT&CK help teams analyze adversary behaviors, enabling them to fine-tune defense strategies. 
    
*   Prepare for quantum computing: While quantum computing is still emerging, it could eventually break today's encryption standards. Start preparing now by researching quantum-resistant encryption and staying informed on the latest industry developments. 
    
*   Create a resilience-first culture: Resilience shouldn't just be a buzzword — it must become part of your company's DNA. Encourage your teams to learn from every incident, find gaps in your defenses, and use them as opportunities to build stronger systems. Regularly debrief after breaches to reflect on what went right, not just what went wrong. This helps create a culture of continuous improvement, ensuring that your organization gets stronger after every incident. 
    

Resilience isn't just the CISO's job. CEOs and compliance officers also play crucial roles in aligning the entire organization with resilience strategies. Regulatory frameworks like Europe's General Data Protection Regulation (GDPR) and the US Portability and Accountability Act (HIPAA) demand transparent recovery protocols, and how leadership handles breaches impacts brand trust, shareholder confidence, and customer loyalty.

**Leading With Resilience**

The future of cybersecurity isn't about preventing every breach — it's about learning and growing stronger with each attack. Companies that turn breaches into opportunities for innovation won't just survive — they'll lead. By adopting resilience-first strategies, continuous improvement, and adaptive defenses, your organization can turn security challenges into competitive advantages. 

**About the Author**

Senior Manager, Black Duck Software

Akhil Mittal is a recognized cybersecurity leader with more than two decades of experience in application security, cloud security, and DevSecOps. As a Gartner Cybersecurity ambassador and senior manager at Black Duck Software, he leads key security initiatives, helping global organizations strengthen their defenses against advanced cyber threats. Akhil has worked closely with chief information security officers (CISOs) and executive leadership to align security strategies with business goals, ensuring robust protection across industries. He also contributes his expertise through leading cybersecurity publications and serves as a judge for top industry awards and hackathons. Certified in CISSP and CCSP, his work continues to shape the future of cybersecurity, driving innovation and resilience worldwide.

Source

DARKReading