The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos.
The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with the agency describing the activity as likely motivated by espionage given the toolset employed.
The

Threat Intelligence / Cyber War

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos.

The mass phishing campaign has been attributed to a threat actor it tracks as **UAC-0050**, with the agency describing the activity as likely motivated by espionage given the toolset employed.

The bogus emails that kick-start the infection sequence claim to be from Ukrainian telecom company Ukrtelecom and come bearing a decoy RAR archive. Of the two files present in the file, one is a password-protected RAR archive that's over 600MB and the other is a text file containing the password to open the RAR file.

Embedded within the second RAR archive is an executable that leads to the installation of the Remcos remote access software, granting the attacker full access to commandeer compromised computers.

Remcos, short for remote control and surveillance software, is offered by Breaking Security either for free or as a premium version that costs anywhere between €58 and €945.

The Italian company calls it a "lightweight, fast and highly customizable Remote Administration Tool with a wide array of functionalities."

The latest CERT-UA advisory comes as the State Cyber Protection Centre (SCPC) of Ukraine pointed fingers at a Russian state-sponsored threat actor known as Gamaredon for its targeted assaults aimed at public authorities and critical information infrastructure.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it.

The European Union’s General Data Protection Regulation, enacted in 2018, provides far-from-perfect data privacy protection, but it stands in stark contrast to the legislative dearth in the United States, where there are no comprehensive federal data privacy laws on the books. In his second State of the Union address, though, US President Joe Biden devoted more attention than ever to the need for such a measure. 

With political control of the US Congress now split, Biden asserted that a data privacy law could garner bipartisan support. It's an idea that has been gaining traction in recent years, and the mention of data privacy issues in Tuesday’s State of the Union sets a precedent that the topic should be of real concern to US presidents and the public.

“We must finally hold social media companies accountable for experimenting they’re doing \[on\] children for profit,” Biden said during his speech, garnering a standing ovation from members of both parties. “It’s time to pass bipartisan legislation to stop Big Tech from collecting personal data on our kids and teenagers online. Ban targeted advertising to children and impose stricter limits on the personal data that companies collect on all of us.”

Previous US presidents rarely mentioned data privacy in the State of the Union. Former president Donald Trump never mentioned the topic in any of his annual addresses. Former president Barack Obama mentioned the topic only once during the 2014 State of the Union, following revelations about the previously undisclosed scale and scope of the National Security Agency’s bulk surveillance programs. He said then: “Working with this Congress, I will reform our surveillance programs—because the vital work of our intelligence community depends on public confidence, here and abroad, that the privacy of ordinary people is not being violated.”

In his first State of the Union, in 2022, Biden talked about data privacy as it pertains to protecting children. “It’s time to strengthen privacy protections, ban targeted advertising to children, demand tech companies stop collecting personal data on our children,” he said at the time. 

Biden’s remarks this year went further, signaling a shift in mainstream understanding about the urgency of improving data privacy protection in the US. Whether the step will lead to productive action in 2023, though, is less clear. In his remarks, Biden called for cooperation among lawmakers—a dynamic lacking in both chambers on Capitol Hill. “To my Republican friends, if we could work together in the last Congress, there is no reason we can’t work together and find consensus on important things in this Congress as well,” he said. 

All parts of the US political spectrum would likely agree that the previous Congress was not exactly a shining example of a high-functioning, collaborative legislative branch. By including a mention of data privacy in the State of the Union, Biden is adding extra pressure on his administration and lawmakers to deliver on an issue that affects everyone.

Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

**Description**

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax\_save\_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

**References**

*   plugins.trac.wordpress.org
*   plugins.trac.wordpress.org

**Share**

**1 affected software package**

Software Type

Plugin

Software Slug

wicked-folders (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 2.18.17, or a newer patched version

Affected Version

*   <= 2.18.16

Patched Version

*   2.18.17

All the threat data shared in this database is powered by **Wordfence Intelligence**.  
Interested in integrating this data into your platform or network?  
Contact us now to discuss API access to our Wordfence Intelligence Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?  
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence Community Edition WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

CVE-2023-0718: Wicked Folders <= 2.18.16 - Missing Authorization on ajax_save_folder — Wordfence Intelligence Community Edition

For the moment, victims can decrypt data without paying a ransom. But Clop is a ransomware variant that has caused havoc on Windows systems, so that's bound to change.

A newly spotted version of the prolific Clop ransomware family holds both good and bad news for security teams.

The good news is the malware is faulty, and victims can relatively easily decrypt any data it encrypts without first having to pay a ransom for a decryption key. The bad news is the new malware also is the first Linux version of Clop, a particularly nasty ransomware variant associated with numerous high-profile attacks that have netted its operators hundreds of millions of dollars.

**Faulty Encryption**

Researchers from SentinelOne's SentinelLabs threat hunting team observed the latest Clop variant targeting Linux systems at a university in Colombia. Samples that the company analyzed showed the Linux code to have a similar logic as its more pernicious Windows relative, with minor differences involving API calls and other features unique to the different operating systems.

SentinelOne's analysis showed Clop's Linux version is still likely only in its initial development stages and missing many of the obfuscation and evasive capabilities that are present in Windows' versions of the malware. The security vendor assessed that the reason for this might have to do with the fact that not one of the 64 virus-detection engines on Virus Total are currently able to detect the Linux Clop variant.

Significantly, SentinelOne's researchers found the encryption logic in the Linux variant to be flawed. "The issue boils down to a couple of key differences between the Windows and Linux variants," says Antonis Terefos, threat intelligence researcher at SentinelOne.

The Linux version includes a hardcoded master key, which, when extracted, allows for decryption, he says. "The flaw allows for the simple extraction or discovery of what the RC4 'master key' is for a given sample," he notes, adding that SentinelOne has released a free decryptor for the variant.

The Windows version, on the other hand, contains a number of validation steps, along with a different key generation process, making it hard to retrieve the master key in similar fashion. Specifically, the Windows version generates an RC4 key for each encrypted file on a compromised system and then encrypts the encryption key itself and stores it on the system. Victims who pay the ransom receive a decryption key for decrypting the RC4 key, which is then used to decrypt the actual data.

**Other Differences Between Windows & Linux Clop Versions**

SentinelOne also discovered other differences between the Windows and Linux variants of Clop. The Windows variant, for instance, includes logic that excludes specific files, folders, and extensions on a system from encryption. With the Linux variant, on the other hand, paths targeted for encryption are hardcoded into the malware, Terefos says: "Therefore, there is no need to 'exclude' unwanted locations."

The new Clop version adds to a growing list of ransomware variants targeting Linux systems; other examples include Hive, Smaug, Snake, and Quilin. Researchers from Trend Micro who have been tracking the trend, reported a 75% increase in ransomware attacks that targeted Linux systems in the first half of 2022 compared with the prior year. In a September report, the security vendor reported observing some 1,960 instances where a threat actor used Linux ransomware in an attack attempt, compared with 1,121 in the same period in 2021.

**Mounting Attacker Interest in Linux Malware**

Since then, the situation has only gotten worse for Linux systems. During 2022 as a whole, Trend Micro identified some 27,602 attacks involving Linux malware, says Jon Clay, vice president of threat intelligence at Trend Micro. That represented a 628% increase over 2021, he notes, adding, "we are seeing many more ransomware groups targeting Linux systems."

The attacks are part of a broader increase in all kinds of malware targeting Linux environments, Clay says. As one example, he points to a 61% increase in cryptominers targeting Linux from 2021 to 2022. Others such as VMware have noted an increase in different kinds of malware tools targeting virtual machines and containers via Linux hosts. In a report last year, the company reported identifying more than 14,000 instances where attackers attempted to deploy the Cobalt Strike post-exploit toolkit on a Linux host.

Attacks targeting Windows systems continue to outnumber those directed at Linux environments by orders of magnitude. Still, the growing attacker interest in Linux is something enterprises cannot ignore. 

"Linux and cloud devices offer a rich pool of potential victims," Terefos says. "In recent years, many organizations have shifted toward cloud computing and virtualized environments, making Linux and cloud systems increasingly attractive targets for ransomware attacks."

The rise in cross-platform programming languages such as Rust and Go are another factor in the mix because they have lowered the barrier of porting malware to other platforms, Terefos notes. "We've seen this with other groups like Hive, Royal, LockBit, Agenda, etc. Successfully targeting cloud environments is an operational necessity for the future success of these groups."

Fresh, Buggy Clop Ransomware Variant Targets Linux Systems

Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers.

A recent round of compromises that exploited unpatched Zimbra devices was an effort sponsored by the North Korean government and intended to steal intelligence from a collection of public and private medical and energy sector researchers.

Analysts with W Labs explained in a new report that due to an overlap in techniques — and thanks to a misstep by one of the threat actors — they were able to attribute "with high confidence" the recent round of cyber incidents against unpatched Zimbra devices as the work of Lazarus Group, a well-known threat group sponsored by the North Korean government. Lazarus operated this campaign and other similar intelligence-gathering efforts through the end of 2022.

The researchers named the campaign "No Pineapple" after an error message generated by the malware during their investigation. The threat actors quietly exfiltrated about 100GB of data, without waging any disruptive cyber operations or destroying information.

"The campaign targeted public and private sector research organizations, the medical research, and energy sector as well as their supply chain," the W Labs report added. "The motivation of the campaign is assessed to be most likely for intelligence benefit."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

DPRK Using Unpatched Zimbra Devices to Spy on Researchers

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story.

Organizations using older versions of VMWare ESXi hypervisors are learning a hard lesson about staying up-to-date with vulnerability patching, as a global ransomware attack on what VMware has deemed "End of General Support (EOGS) and/or significantly out-of-date products" continues.

However, the onslaught also points out wider problems in locking down virtual environments, the researchers say.

VMware confirmed in a statement Feb. 6 that a ransomware attack first flagged by the French Computer Emergency Response Team (CERT-FR) on Feb. 3 is not exploiting an unknown or "zero-day" flaw, but rather previously identified vulnerabilities that already have been patched by the vendor.

Indeed, it was already believed that the chief avenue of compromise in an attack propagating a novel ransomware strain dubbed "ESXiArgs" is an exploit for a 2-year-old remote code execution (RCE) security vulnerability (CVE-2021-21974), which affects the hypervisor's Open Service Location Protocol (OpenSLP) service.

"With this in mind, we are advising customers to upgrade to the latest available supported releases of vSphere components to address currently known vulnerabilities," VMware told customers in the statement.

The company also recommended that customers disable the OpenSLP service in ESXi, something VMware began doing by default in shipped versions of the project starting in 2021 with ESXi 7.0 U2c and ESXi 8.0 GA, to mitigate the issue.

**Unpatched Systems Again in the Crosshairs**

VMware's confirmation means that the attack by as-yet unknown perpetrators that's so far compromised thousands of servers in Canada, France, Finland, Germany, Taiwan, and the US may have been avoided by something that all organizations clearly need to do better — patch vulnerable IT assets — security experts said.

"This just goes to show how long it takes many organizations to get around to patching internal systems and applications, which is just one of many reasons why the criminals keep finding their way in," notes Jan Lovmand, CTO for ransomware protection firm BullWall.

It's a "sad truth" that known vulnerabilities with an exploit available are often left unpatched, concurs Bernard Montel, EMEA technical director and security strategist for security exposure management firm Tenable**.**

"This puts organizations at incredible jeopardy of being successfully penetrated," he tells Dark Reading. "In this case, with the … VMWare vulnerability, the threat is immense given the active exploitation."

However, even given the risks of leaving vulnerable systems unpatched, it remains a complex issue for organizations to balance the need to update systems with the effect the downtime required to do so can have on a business, Montel acknowledges.

"The issue for many organizations is evaluating uptime, versus taking something offline to patch," he says. "In this case, the calculation really couldn’t be more straightforward — a few minutes of inconvenience, or days of disruption."

**Virtualization Is Inherently a Risk**

Other security experts don't believe the ongoing ESXi attack is as straightforward as a patching issue. Though lack of patching may solve the problem for some organizations in this case, it's not as simple as that when it comes to protecting virtualized environments in general, they note.

The fact of the matter is that VMware as a platform and ESXi in particular are complex products to manage from a security perspective, and thus easy targets for cybercriminals, says David Maynor, senior director of threat intelligence at cybersecurity training firm Cybrary. Indeed, multiple ransomware campaigns have targeted ESXi in the past year alone, demonstrating that savvy attackers recognize their potential for success.

Attackers get the added bonus with the virtualized nature of an ESXi environment that if they break into one ESXi hypervisor, which can control/have access to multiple virtual machines (VMs), "it could be hosting a lot of other systems that could also be compromised without any additional work," Maynor says.

Indeed, this virtualization that's at the heart of every cloud-based environment has made the task of threat actors easier in many ways, Montel notes. This is because they only have to target one vulnerability in one instance of a particular hypervisor to gain access to an entire network.

"Threat actors know that targeting this level with one arrow can allow them to elevate their privileges and grant access to everything," he says. "If they are able to gain access, they can push malware to infiltrate the hypervisor level and cause mass infection."

**How to Protect VMware Systems When You Can't Patch**

As the latest ransomware attack persists — with its operators encrypting files and asking for around 2 Bitcoin (or $23,000 at press time) to be delivered within three days of compromise or risk the release of sensitive data — organizations grapple with how to resolve the underlying issue that creates such a rampant attack.

Patching or updating any vulnerable systems immediately may not be entirely realistic, other approaches may need to be implemented, notes Dan Mayer, a threat researcher at Stairwell. "The truth is, there are always going to be unpatched systems, either due to a calculated risk taken by the organizations or due to resource and time constraints," he says.

The risk of having an unpatched system in and of itself may be mitigated then by other security measures, such as continuously monitoring enterprise infrastructure for malicious activity and being prepared to respond quickly and segment areas of attack if a problem arises.

Indeed, organizations need to act on the assumption that preventing ransomware "is all but impossible," and focus on putting tools in place "to lessen the impact, such as disaster recovery plans and context-switched data," notes Barmak Meftah, founding partner at cybersecurity venture capital firm Ballistic Ventures.

However, the ongoing VMware ESXi ransomware attack highlights another issue that contributes to an inherent inability for many organizations to take the necessary preventative measures: the skill and income gaps across the globe in the IT security realm, Mayer says.

"We do not have enough skilled IT professionals in nations where wealthy companies are targets," he tells Dark Reading. "At the same time, there are threat actors across the globe who are able to make a better living leveraging their skills to extort money from others than if they took legitimate cybersecurity work."

Mayer cites a report by the international cybersecurity nonprofit (ICS2) that said to secure assets effectively, the cybersecurity workforce needs 3.4 million cybersecurity workers. Until that happens, "we need to ramp up training these workers, and while the gap still exists, pay those with the skills around the world what they are worth, so they don’t turn to being part of the problem," Mayer says.

Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

WordPress Metform Elementor Contact Form Builder plugin versions 3.1.2 and below suffer from a persistent cross site scripting vulnerability.

    Affected Plugin: Metform Elementor Contact Form BuilderPlugin Slug: metformAffected Versions: <= 3.1.2CVE ID: CVE-2023-0084CVSS Score: 7.2 (High)CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:NResearcher/s: Mohammed El Amin, Chemouri Fully Patched Version: 3.2.0The Metform Elementor Contact Form Builder plugin allows site builders to create highly functional contact forms. Unfortunately, vulnerable versions of the Metform plugin fail to escape submitted form entries when displaying them in the admin panel.This meant that any site visitor could fill out a contact form with malicious JavaScript, and that the script would execute in the browser of any administrator viewing that form entry.While sanitizing input may also have helped, escaping output is much more important for preventing Cross-Site Scripting as bypasses are far less common.The patched version updated the format_form_data function to escape the output form data in order to address this issue.An attacker able to execute JavaScript in the browser of an administrator can use it to take over a website via several methods, including by adding a new malicious administrator or injecting a backdoor into a plugin or theme on the site.Unauthenticated Stored Cross-Site Scripting vulnerabilities are the most dangerous variant of Cross-Site Scripting for WordPress sites as they are much easier for attackers to automatically exploit en masse without needing an existing user account.TimelineJanuary 4, 2023 - Mohammed Chemouri responsibly discloses the vulnerability to the plugin vendor and our Vulnerability Disclosure program.January 8, 2023 - A patched version of the Metform plugin, 3.2.0, is made available.February 3, 2023 - The Wordfence Threat Intelligence team discovers a potential bypass of the existing Cross-Site Scripting rule and releases an additional firewall rule to Wordfence Premium, Care, and Response sites.March 5, 2023 - The firewall rule becomes available to Wordfence free users.ConclusionIn today’s post we detailed an unauthenticated stored Cross-Site Scripting vulnerability in the Metform plugin discovered and responsibly disclosed by independent security researcher Mohammed Chemouri. The Wordfence firewall’s built-in Cross-Site Scripting protection should provide coverage for all Wordfence users including those using Wordfence free.While we did find a potential bypass and deploy an additional rule to coverit, we have not seen this vulnerability exploited at a large scale in the wild, and have not seen any instances of the bypass being exploited. Nonetheless, we strongly recommend updating to the latest version of the Metform Elementor Contact Form Builder plugin, which is 3.2.1 at the time of this writing.If you believe your site has been compromised as a result of this vulnerability or any other vulnerability, we offer Incident Response services via Wordfence Care. If you need your site cleaned immediately, Wordfence Response offers the same service with 24/7/365 availability and a 1-hour response time. Both of these products include hands-on support in case you need further assistance.If you have any friends or colleagues who are using this plugin, please share this announcement with them and encourage them to update to the latest patched version of Metform Elementor Contact Form Builder as soon as possible.If you are a security researcher, you can responsibly disclose your finds to us and obtain a CVE ID and get your name on the Wordfence Intelligence Community Edition leaderboard.

WordPress Metform Elementor Contact Form Builder 3.1.2 Cross Site Scripting

By Habiba Rashid
Google's CEO, Sundar Pichai, described the ChatGPT rival, Bard, as an "experimental conversational AI service" powered by LaMDA.
This is a post from HackRead.com Read the original post: Google Introduces Bard: New ChatGPT Rival

For now, Bard is only available to “trusted testers”; however, Google intends to make it more widely available to the public in the coming weeks.

ChatGPT’s sensational popularity, which has been growing ever since its launch last November, seems to have finally affected Google, seeing as it has announced its very own **ChatGPT** alternative and rival named Bard.

Google’s CEO, Sundar Pichai, officially announced the project in a blog post on Monday, describing the tool as an experimental conversational AI service, designed to engage in conversations with users while answering their queries. 

Despite not revealing many details about Bard’s capabilities, it seems apparent that the chatbot will have free-ranging characteristics similar to those of **OpenAI’s ChatGPT**.

“Bard seeks to combine the breadth of the world’s knowledge with the power, intelligence and creativity of our large language models. It draws on information from the web to provide fresh, high-quality responses.

Bard can be an outlet for creativity, and a launchpad for curiosity, helping you to explain new discoveries from **NASA’s James Webb Space Telescope** to a 9-year-old, or learn more about the best strikers in football right now, and then get drills to build your skills,” writes Pichai. 

However, a significant difference is that, unlike ChatGPT, which can only access information up to 2021 and does not have access to the web, Bard is powered by Google’s Language Model for Dialog Applications (**LaMDA**) and will draw on all the information from the web to curate responses. 

Image: Google

Bard has been opened up to trusted testers, and according to Google’s **blog post**, the technology and search engine giant intends to make it “more widely available to the public in the coming weeks.” 

Although Google promises to “combine external feedback with our own internal testing to make sure Bard’s responses meet a high bar for quality, safety and groundedness in real-world information,” it is likely that Bard will face limitations similar to those faced by ChatGPT since both are built on text generation software. 

Besides being prone to providing fabricated information, AI models trained on text scraped online are susceptible to exhibiting racial and gender biases and repeating hateful language.

Along with Google’s AI image generator, Imagen, and its AI music generator, MusicLM, Bard has also been added to a list of advanced AI services that have yet to be released to the public.

1.  **Fields of application of artificial intelligence**
2.  **AI-based Model to Predict Extreme Wildfire Danger**
3.  **How Artificial intelligence (AI) Stops Cybercriminals**
4.  **Microsoft patent reveals chatbot to talk to dead people**
5.  **AI-Powered Glasses Give Deaf People Power of Speech**

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Google Introduces Bard: New ChatGPT Rival

**WILMINGTON, Del.****,** **Feb. 7, 2023** **/PRNewswire/ --** Intel 471, the premier provider of cyber threat intelligence solutions across the globe, today announced the release of its suite of Attack Surface Protection solutions, specifically designed to scale and grow with the needs of security teams worldwide.

The Intel 471 Attack Surface Protection suite is comprised of three offerings enabling organizations to identify, manage, and protect their digital footprint from the ever increasing and sophisticated cyber threats. Specifically:

*   **Attack Surface Discovery** – maps an enterprise's digital footprint at a single point in time using data from over 200 different OSINT sources, perform scans, probe for vulnerabilities and weaknesses, and identify Shadow IT assets
*   **Attack Surface Management** – builds on Attack Surface Discovery adding continuous monitoring of your attack surface, scan comparisons, automated alerts, and APIs to implement orchestration.
*   **Attack Surface Intelligence** – super charges Attack Surface Management by adding Intel 471 threat intelligence from the cyber underground, which exposes an entire class of threats to your attack surface.

Intel 471 Attack Surface Protection solutions are built upon the company's acquisition of SpiderFoot, a best-in-class open-source intelligence platform purposefully built to assist security professionals in the automation of asset discovery, attack surface monitoring or security assessments. SpiderFoot's CEO, Steve Micallef now serves as Intel 471's vice president of Attack Surface Technology and has been instrumental in developing our Attack Surface Protection solutions. 

"With digital transformation driving an ever-expanding attack surface, enterprises must have best-in-class solutions to identify, monitor, alert and protect their digital footprint and extended third-party attack surface.  As the premier provider of cyber threat intelligence, our solutions are tailored to grow and scale to meet enterprises' business requirements," said Mark Arena, CEO of Intel 471. "Our strategic acquisition of SpiderFoot and the release of our Attack Surface Protection solutions expand our portfolio to meet the specific and individualized attack surface needs of customers worldwide."

**About Intel 471**

Intel 471 empowers enterprises, government agencies, and other organizations to win the cybersecurity war using near-real-time insights into the latest malicious actors, relationships, threat patterns, and imminent attacks relevant to their businesses.

The company's TITAN platform collects, interprets, structures, and validates human-led, automation-enhanced results. Clients across the globe leverage this threat intelligence with our proprietary framework to map the criminal underground, zero in on key activity, and align their resources and reporting to business requirements. Intel 471 serves as a trusted advisor to security teams, offering ongoing trend analysis and supporting your use of the platform. Learn more at https://intel471.com/.

Intel 471 Announces Powerful and Scalable Attack Surface Protection Solution Suite

**LOS ALTOS, Calif.****,** **Feb. 7, 2023** **/PRNewswire/ --** Contrast Security (Contrast), the code security platform built for developers and trusted by security, today released its Cyber Bank Heists report, an annual report that exposes the cybersecurity threats facing the financial sector.

Authored by Contrast's Senior Vice President of Cyber Strategy Tom Kellermann, the report is a warning to global financial institutions (FIs) that security must be a top-of-mind issue amid rising geopolitical tensions, increased destructive attacks utilizing wipers and a record-breaking year of zero-day exploits. Financial sector security leaders from around the world - in a series of interviews - revealed specific trends when it comes to notable cyberattacks, e-fraud and cyber defense. Some of the most eye-opening results from the report include:

*   60% were victimized by destructive attacks
*   64% saw an increase in application attacks, while 50% experienced attacks against their APIs
*   48% experienced an increase in wire transfer fraud
*   50% have detected campaigns to steal non-public market information
*   54% of the banks were most concerned with the cyber threat posed by Russia
*   72% plan to invest more in application security in 2023

"The increase of online threats, phishing, ransomware attacks, account takeovers and business email compromises impacting the financial sector is growing every day and we can see in real-time the damage this is doing to the longevity of businesses and the impact it's having on our economy," said Derek Booth, Assistant to the Special-Agent-in-Charge, U.S. Secret Service and Head of the Mountain West Cyber Fraud Task Force. "I applaud Tom Kellermann for speaking with some of the most influential people within the sector to determine solutions that can better protect FIs against vulnerabilities in banks and methods of commerce through industry-wide transparency."

"The complexity of securing financial digital systems and the need to develop new ways to guard against sophisticated cyberattacks has increased exponentially in the last year. In response, FIs are fighting to evolve and create more effective prevention, detection and response to these damaging attacks," said Booth.

"Cybersecurity can no longer be viewed as an expense but rather a functionality of conducting business. Trust and confidence in the safety of FIs depend on effectively mitigating and responding to cyberattacks," said Kellermann.

The report provides helpful guidance, and specific defensive countermeasures to defend against growing cybercrime conspiracies and cyberespionage including:

1.  Deploy intelligent runtime protection
2.  Conduct weekly threat hunting
3.  Deploy AppSec for serverless platforms
4.  Defend your APIs
5.  Add a cybersecurity specialist to your board

"The financial sector needs to shift its thinking when it comes to attacks, as geo-political tensions manifest via cyberattacks. Cybercrime cartels are modernizing their criminal conspiracies so as to steal non-market information and destroy the integrity of sensitive data within financial institutions," said Kellermann. "This is no longer a question of duty of care but rather a duty of loyalty to the digital safety of customers. That is why the Cyber Bank Heists report not only highlights these trends but depicts countermeasures that can help institutions defend from within."

Booth will be joining Kellermann for a LinkedIn Live roundtable discussion at 9:00am PST on Tuesday, February 7 and a live webinar at 9:00am PST on Thursday, February 23 to discuss their reactions to the report and the financial security risks impacting organizations this year. Contrast also published a three-part blog series that dives deeper into cyberattack trends, e-fraud, and defensive shifts. 

To download the Cyber Bank Heists report, please visit https://www.contrastsecurity.com/cyberbankheistsreport. FIs can also request a demo of Contrast's financial capabilities by visiting https://www.contrastsecurity.com/solutions/financial-services. 

**About Cyber Bank Heists report:** 

Authored by Contrast's Senior Vice President of Cyber Strategy Tom Kellermann, the annual Cyber Bank Heist report includes findings from interviews conducted with global financial sector leaders focusing on the current state of security threats and the defensive shifts made by cybercriminals. The report provides an analysis of geopolitical tensions, destructive attacks and zero-day exploits from the previous year. It also offers specific defensive countermeasures that should be employed by FIs to protect against growing cybercrime conspiracies and cyberespionage. To learn more about the annual Cyber Bank Heists report, please visit https://www.contrastsecurity.com/cyberbankheistsreport.

**About the Author Tom Kellermann:** 

Tom Kellermann is the Senior Vice President of Cyber Strategy at Contrast Security, Inc. Previously, Tom held the positions of Head of Cybersecurity Strategy for VMware, Inc. and Chief Cybersecurity Officer for Carbon Black, Inc., wherein he authored the "Modern Bank Heist report" for the past five years. In 2020, he was appointed to the Cyber Investigation Advisory Board for the United States Secret Service. On Jan. 19, 2017, Tom was appointed the Wilson Center's Global Fellow for Cybersecurity Policy. Tom previously held the positions of Chief Cybersecurity Officer for Trend Micro, Inc., Vice President of Security for Core Security and Deputy CISO for the World Bank Treasury. In 2008, Tom was appointed a commissioner on the Center for Strategic & International Studies' (CSIS') Commission on Cyber Security for the 44th President of the United States. In 2003, he co-authored the Book "Electronic Safety and Soundness: Securing Finance in a New Age."

**About Contrast Security (Contrast):**

A world leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete software development life cycle (SDLC) with Contrast to protect against today's targeted application security (AppSec) attacks. Contrast also makes security testing available to all developers for free with CodeSec.

Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today's pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of common vulnerabilities and exposures (CVEs). This allows security teams to avoid spending time on focusing false positives and remediate true vulnerabilities faster. Contrast's platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance.

Contrast protects against major cybersecurity attacks for its customer base which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, SOMPO Japan and American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM Cloud, Guidepoint Security, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers.

The growing demand for the world's only platform for code security has landed the company on some of the most prestigious lists including the Inc. 5000 List of America's Fastest Growing Companies and has designated Contrast as one of the fastest growing companies on the Deloitte Technology Fast 500 List.

Tag

#intel