The Salt-SSH pre-flight option copies the script to the target at a predictable path, which allows an attacker to force Salt-SSH to run their script. If an attacker has access to the target VM and knows the path to the pre-flight script before it runs they can ensure Salt-SSH runs their script with the privileges of the user running Salt-SSH. Do not make the copy path on the target predictable and ensure we check return codes of the scp command if the copy fails.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-4277-m35q-7c9w: Salt preflight script could be attacker controlled

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine.
The vulnerability in question, CVE-2024-43451 (CVSS score: 6.5), refers to an NTLM hash disclosure spoofing vulnerability that could be exploited to steal a user's NTLMv2 hash. It was patched by Microsoft earlier this

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails

Alan Filion, believed to have operated under the handle “Torswats,” admitted to making more than 375 fake threats against schools, places of worship, and government buildings around the United States.

In perhaps the largest swatting case to ever be prosecuted, an 18-year-old from Lancaster, California, has pleaded guilty to federal charges stemming from a nationwide spree of hundreds of shooting and bomb threat hoaxes that sent police scrambling to high schools, courthouses, and the homes of law enforcement officials and prominent politicians.

Alan Winston Filion now faces a maximum penalty of five years in prison for each of four counts of making interstate threats to injure the person of another, according to the United States Department of Justice.

Early this year, Filion was arrested and extradited to Seminole County, Florida. At the time, state prosecutors charged Filion with four state-level felony counts stemming from a single incident in which, prosecutors allege, Filion told a Sanford Police Department dispatcher that he was armed with pipe bombs and an AR-15 rifle and was walking into Masjid Al Hayy Mosque to kill everyone he saw.

Filion, whom authorities believe operated online as “Torswats,” has been in jail without a trial for nearly a year. He entered a plea of not guilty to the state charges.

The federal charges announced on Wednesday, along with interviews from people connected to the investigation—and Filion himself—allege his swatting activities reached far beyond Florida’s borders.

Between approximately August 2022 to January 2024 Filion made more than 375 swatting calls, according to the plea agreement. These included incidents where he claimed to have planted bombs or threatened to conduct mass shootings at targeted locations that included religious institutions, high schools, and historically black colleges and universities.

“This prosecution and today’s guilty plea reaffirm the Justice Department’s commitment to using all tools to hold accountable every individual who endangers our communities through swatting and hoax threats,” deputy attorney general Lisa Monaco said in a statement. “For well over a year, Alan Filion targeted religious institutions, schools, government officials, and other innocent victims with hundreds of false threats of imminent mass shootings, bombings, and other violent crimes. He caused profound fear and chaos and will now face the consequences of his actions.”

According to court records, Filion was also part of a high-profile international swatting group that targeted several prominent figures between December 2023 and January 2024. Among the victims were US Homeland Security secretary Alejandro Mayorkas, Cybersecurity and Infrastructure Security Agency director Jen Easterly, Republican US representative Marjorie Taylor Greene of Georgia, and Republican senator Rick Scott of Florida. Investigators say they linked the scheme to roughly 100 calls, one of which targeted an unnamed former president of the United States.

In August, the Department of Justice charged two European men, Tomasz Szabo and Nemanja Radovanovic, in connection with the widespread swatting operation, which led to at least one car accident with injuries. During interviews with the US Secret Service in January and February, both men admitted their roles in the scheme. Radovanovic, however, claimed that he was directed by a third party who provided detailed scripts and selected the targets.

According to the plea agreement, Filion admitted to orchestrating the operation, supplying the names, addresses, and phone numbers of many of the targeted individuals.

“I shot my wife in the head with my AR-15,” a man identifying himself as "James" said in one such call. He told dispatchers in Georgia that he caught his wife sleeping with another man and, after killing her, had taken the man hostage. “I’ll release him for $10,000 in cash,” he added, threatening to detonate pipe bombs and blow up the house if his demands weren’t met. This call targeted the home of Georgia state senator John Albers.

The case against Filion, first reported by WIRED, was built on a trail of digital evidence left across platforms like Telegram, YouTube, and Discord, and pieced together by Brad “Cafrozed” Dennis, a private investigator. Dennis had been hired by two high-profile Twitch stars, both victims of Torswats’ calls, to find the person responsible.

For months, Dennis had posed online as a vengeful ex-husband looking to troll and harass his former wife. He used this persona to infiltrate private Discord servers and Telegram groups where Torswats and affiliates hung out. These were chats dedicated to extortion plots and racist memes; channels filled with child sexual abuse material, self-harm, and animal abuse—some of the worst content he'd ever seen, Dennis told WIRED.

On New Year's Eve 2022, Dennis sent Torswats a private message on Telegram: “You wanna make some real cash? Add me on Tox,” he wrote, referring to the peer-to-peer messaging service, under the pretense of arranging a swatting.

Using network monitoring tools, Dennis then captured the IP address linked to the Torswats account and uncovered a new username: "Paimon Arnum." In January 2023, Dennis handed this critical piece of evidence, along with other usernames and active Discord servers he had tracked over several months, over to the FBI.

According to emails reviewed by WIRED, that information was central to how the FBI broke the case and was the basis of subpoenas sent to Discord and Google in April of 2023 seeking information on accounts Dennis had identified. By early May, the FBI had successfully pinpointed Torswats’ identity and location.

That month, Torswats privately took responsibility for swatting incidents in Telegram chats reviewed by WIRED. These incidents affected up to 25 schools in Washington state, impacting approximately 18,116 students and costing taxpayers an estimated $271,173 in lost instructional time, according to Don Beeler, CEO of TDR Technology Solutions, a company specializing in school surveillance and threat analysis.

Additionally, 911 audio and other police records obtained by WIRED corroborate that the same individual made the calls for more than a dozen of these swatting incidents. In some instances, the caller told dispatchers he had been commanded by Satan to kill students. In others, he said he had been mistreated because he was gay. In others, he seemed to have become bored enough with the game that he didn’t bother to make up a reason.

On July 12, the Torswats handle announced a new swatting operation dubbed the “Grand Offensive,” targeting a dozen senators. Three days later, the FBI raided Filion’s home and seized his electronic devices.

But the raid didn’t stop the swatting.

On November 6, 2023, someone using the Torswats handle took responsibility for a bomb threat aimed at North Beach High School in Ocean Shores, Washington, through a Telegram message. According to police reports and call records obtained by WIRED, the caller impersonated a drug dealer who wanted to report his client to the police because he had said he had placed pipe bombs around the school and was planning a mass shooting. That same month, a person going by Torswats also admitted to swatting an investigator and cybercrime expert named Keven Hendricks in private Telegram communications.

Both threats could be attributed to the same individual, according to a law enforcement official who reviewed the recordings for WIRED but requested anonymity because they were unauthorized to speak to the press.

Details about Filion’s life outside his online activities remain sparse. Enrollment records from Lancaster’s Antelope Valley Community College show that Filion began pursuing a degree in mathematics in the fall of 2022. A former classmate, who requested anonymity due to fears of retaliation, described Filion as quiet and “forgettable.”

“He didn’t appear to have many friends,” they said.

In January 2024, an individual affiliated with the Torswats Telegram account and claiming to be a friend of Filion suggested that he was part of a group aiming to incite racial violence and that he sought money to “buy weapons and commit a mass shooting.” The allegation aligns with a written tip, placed to the FBI’s Internet Crime Complaint Center in April 2023 and obtained by WIRED, alleging that the person behind the Torswats account was involved in a neo-Nazi cult known as the Order of Nine Angles.

“He believes he is doing his part to bring about the end of days by ‘bleeding the finances and man hours of the system,’” the tipster wrote.

Filion’s family could not be immediately reached for comment. A sentencing date for the teenager has not yet been set.

_Updated at 10:45 am EST, November, 2024: Added additional details about Filion’s involvement in swatting attacks against prominent US government officials and others._

Teen Behind Hundreds of Swatting Attacks Pleads Guilty to Federal Charges

PRESS RELEASE

WATERLOO, ON, Oct. 31, 2024 /PRNewswire/ -- OpenText (NASDAQ: OTEX), (TSX: OTEX), has revealed its highly anticipated "Nastiest Malware of 2024" list, spotlighting the year's most notorious cyber threats. Now in its seventh year, OpenText's cybersecurity experts have identified the most relentless and adaptive malware trends impacting industries worldwide. This year, ransomware aimed at critical infrastructure takes center stage, highlighting an urgent call for reinforced security to protect vital services. In response, organizations are projected to increase their cybersecurity investments by 14.3% in 2024, reaching more than $215 billion.

Once again, ransomware group LockBit secures the #1 spot as the nastiest malware of the year. Known for its resilience and relentless pursuit of critical targets, LockBit has successfully dodged multiple law enforcement crackdowns. According to the FBI's 2023 2023 Internet Crime report, LockBit was reported in 175 attacks on critical infrastructure, underscoring its staying power and adaptability. The ongoing standoff between the FBI and LockBit shows the gritty persistence of today's ransomware market and its growing sophistication. For several months now, the battle for dominance between the FBI and LockBit has highlighted the persistence of the ransomware market and how as technology evolves these threats continually lurk in the shadows.    

"Ransomware attacks on critical infrastructure are on the rise, and cybercriminals are increasingly using artificial intelligence to develop highly personalized threats, which significantly endangers national security and public safety," said Muhi Majzoub, EVP and Chief Product Officer, OpenText. "However, the increased attention on ransomware and cybersecurity is encouraging, as more organizations are proactively prioritizing cybersecurity investments. This commitment highlights their dedication to safeguarding essential services from evolving threats." The 2024 list showcases how adaptive and innovative each ransomware is, but also how well these threats push boundaries. With their malicious capabilities and evasiveness, these cybercriminals continue to find new ways to surpass our darkest expectations.

2024's Nastiest Malware Hall of Infamy: 

1.  LockBit: This ransomware-as-a-service (RaaS) heavyweight leads the pack again, unfazed by FBI efforts to take it down. LockBit's aim? Target one million businesses before calling it quits, solidifying its spot as a top ransomware menace in 2024.
    
2.  Akira: A fresh and ferocious entry, Akira brings a splash of '80s aesthetics to the dark web, quickly climbing the ranks with ruthless encryption tactics and swift deployment. It's especially active in healthcare, manufacturing, and finance, cementing itself as a go-to Ransomware-as-a-Service (RaaS) model for affiliates.
    
3.  RansomHub: Rumored to be a descendant of the Black Cat (ALPHV) group, RansomHub burst onto the scene targeting high-profile organizations. After attacking Planned Parenthood, this group made headlines by stealing and ransoming sensitive patient data, threatening public exposure.
    
4.  Dark Angels: Known for its laser-focused, high-impact attacks on top-tier targets, Dark Angels doesn't hold back. Using advanced infiltration methods, they've secured ransom payments as high as $75 million, leaving their mark on one of the year's biggest Fortune 50 attacks.
    
5.  Redline: Not ransomware but still formidable, Redline Stealer specializes in stealing credentials and sensitive information with skillful evasion tactics, making it a persistent headache across various sectors.
    
6.  Play Ransomware: Making waves with high-profile attacks, Play Ransomware is as versatile as it is relentless. From targeting public and private sectors to exploiting FortiOS vulnerabilities and RDP servers, this group keeps victims on their toes with ever-evolving techniques.
    

Want the full rundown? Visit the OpenText Cybersecurity Community, view the infographic, and join us for our "Nastiest Malware Webinar" to dive deeper into this year's findings and stay ahead of emerging threats!

About OpenText Cybersecurity  
OpenText Cybersecurity provides comprehensive security solutions for companies and partners of all sizes. From prevention, detection and response to recovery, investigation and compliance, our unified/end-to-end platform helps customers build cyber resilience via a holistic security portfolio. Powered by actionable insights from our real-time and contextual threat intelligence, OpenText Cybersecurity customers benefit from high-efficacy products, compliant experience and simplified security to help manage business risk.

About OpenText   
OpenText™ is the leading Information Management software and services company in the world.  We help organizations solve complex global problems with a comprehensive suite of Business Clouds, Business AI, and Business Technology.  For more information about OpenText (NASDAQ/TSX: OTEX), please visit us at www.opentext.com.

Connect with us:

OpenText CEO Mark Barrenechea's blog  
Twitter | LinkedIn 

Certain statements in this press release may contain words considered forward-looking statements or information under applicable securities laws. These statements are based on OpenText's current expectations, estimates, forecasts and projections about the operating environment, economies, and markets in which the company operates. These statements are subject to important assumptions, risks and uncertainties that are difficult to predict, and the actual outcome may be materially different. OpenText's assumptions, although considered reasonable by the company at the date of this press release, may prove to be inaccurate and consequently its actual results could differ materially from the expectations set out herein. For additional information with respect to risks and other factors which could occur, see OpenText's Annual Report on Form 10-K, Quarterly Reports on Form 10-Q and other securities filings with the SEC and other securities regulators. Readers are cautioned not to place undue reliance upon any such forward-looking statements, which speak only as of the date made. Unless otherwise required by applicable securities laws, OpenText disclaims any intention or obligations to update or revise any forward-looking statements, whether as a result of new information, future events or otherwise. Further, readers should note that we may announce information using our website, press releases, securities law filings, public conference calls, webcasts and the social media channels identified on the Investors section of our website (https://investors.opentext.com). Such social media channels may include the Company's or our CEO's blog, Twitter account or LinkedIn account. The information posted through such channels may be material. Accordingly, readers should monitor such channels in addition to our other forms of communication.

OpenText Cybersecurity Unveils 2024's Nastiest Malware

The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.

Source: u3d via Shutterstock

China's APT41 threat group is using a sophisticated Windows-based surveillance toolkit in a cyber-espionage campaign targeting organizations in South Asia.

The malware adds to the already broad portfolio of malicious tools that the threat actor has deployed in recent years and makes APT41 an even more pernicious threat to targeted enterprises.

**Optimized Plug-ins**

Researchers at BlackBerry, among the many who are tracking the threat actor, spotted the new malware toolkit earlier this year and have dubbed it "DeepData Framework." Their analysis showed it to be a highly modular toolkit that supports as many as 12 separate plug-ins, each one optimized for a specific malicious function.

Four of the plug-ins steal communications from WhatsApp, Signal, Telegram, and WeChat. Another three are rigged to steal and exfiltrate system information, Wi-Fi network data, and information on all installed applications on the compromised system — including names and installation paths. Three DeepData plug-ins steal information related to browsing history and cookies; they also grab passwords from Web browsers, Baidu storage services, FoxMail, and other cloud services, and other information like user emails and contact lists in Microsoft Outlook. The remaining two plug-ins enable theft of audio files from compromised systems.

Blackberry researchers chanced upon DeepData when conducting an investigation of "LightSpy," an iOS implant that they have tracked APT41 using in an ongoing and wide-ranging mobile espionage campaign against targets in India and South Asia. Their analysis showed DeepData to have a similar design to LightSpy in that both have a core module and support for multiple data theft plug-ins.

Significantly, DeepData appears to be a malware toolkit that the attackers are manually interacting with after compromising a target and gaining access. "The \[command and control\] address is also specified as a command line argument, as are the requested plugins to be run or data to extract," Blackberry's research and intelligence team said in a blog post this week. "The implication of this execution method is that it must be done manually, sans a script or some other bundling distribution."

**Surveillance Powers Continue to Grow**

DeepData adds to APT41's already formidable surveillance and cyber espionage capabilities. The malicious framework is an example of the constantly emerging threats that organizations have to deal with when trying to mitigate threats from advanced persistent threat groups and nation-state bad actors. "Our latest findings indicate that the threat actor behind DeepData has a clear focus on long-term intelligence gathering," BlackBerry said. Since first deploying LightSpy in 2022, the threat actor has methodically and strategically bulked up its capabilities to intercept communications and steal data in total stealth, BlackBerry said.

APT41 is a known threat actor that security vendors and researchers have been variously tracking as Winnti, WickedPanda, Barium, Wicked Spider, and other names. Some vendors consider APT41 to be a collection of smaller subgroups collectively working at the behest of, or on behalf of the Chinese government. The group's mandate appears to be very broad, based on its targets and the kind of campaigns it has conducted in recent years.

Most recently, researchers tied APT41 to attacks targeting global logistics and utilities companies, and to a campaign that targeted research entities in Taiwan. Over the years, the group has stolen data from a wide range of organizations, including intellectual property and trade secrets from healthcare organizations, media and entertainment companies, government agencies, automative firms, retailers, energy companies, pharmaceutical companies, and others. Its activities prompted a US government investigation and subsequent indictment of five alleged members of APT41 back in 2020. Its victims have spanned Europe, Asia, and North America.

The group's latest South Asian campaign appears aimed at politicians, journalists, and political activists in the region, according to BlackBerry. "Organizations of all sizes, particularly those in targeted regions, should treat this threat as a high priority and implement comprehensive defensive measures."

The company's recommended mitigation measures include blocking the group's known C2 infrastructure, monitoring networks and devices for unexpected audio recording activities, using secure communications for transmitting data, and deploying the detection rules that BlackBerry has released for DeepData components.  

Don't miss the upcoming free Dark Reading Virtual Event, "Know Your Enemy: Understanding Cybercriminals and Nation-State Threat Actors," Nov. 14 at 11 a.m. ET. Don't miss sessions on understanding MITRE ATT&CK, using proactive security as a weapon, and a masterclass in incident response; and a host of top speakers like Larry Larsen from the Navy Credit Federal Union, former Kaspersky Lab analyst Costin Raiu, Ben Read of Mandiant Intelligence, Rob Lee from SANS, and Elvia Finalle from Omdia. Register now!

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

Toolkit Vastly Expands APT41's Surveillance Powers

PRESS RELEASE

(Paris, France) – October 31, 2024 – As counterfeiting represents a global issue for brands and societies alike, Cypheme, a pioneering French company focused on AI-powered anti-counterfeiting solutions, today announced that Vrai AI, its AI anti-counterfeit technology that can detect fake products based on just a picture of a specific detail of a product or label, purely with visual analysis, is now available to brands worldwide. This ground-breaking artificial intelligence, which is perfect for companies across multiple verticals (i.e.: jewelry, pharmaceuticals, electronics, fashion, etc.), is easy to implement and only requires the use of a smartphone to keep a brands’ reputation and customers safe.

Lacoste, a world-renowned fashion brand, is the first company to pioneer the use of this technology, marking a major milestone in the worlds of AI development, the fashion industry and the global fight against counterfeiting. Already, Cypheme’s ground-breaking solution has achieved a near perfect level of accuracy of 99.7% for Lacoste, helping them easily identify fake products and remove them from the market.

By incorporating Cypheme’s powerful technology, which examines microscopic visual details of a specific feature of the product, the AI can differentiate a real from a fake, much in a way similar to a human expert. No modification of the product, no special label, or hidden marker is needed. For Lacoste, Cypheme uses the famous and iconic crocodile logo to identify fakes among a wide variety of Lacoste products. This represents an unprecedented technological leap in the fight against counterfeiting that could play a major part in solving or mitigating crisis linked to the criminal activity across multiple regions and sectors.

For certain types of products, however, the use of Cypheme’s “Noise Print Label,” a proprietary fingerprint anti-counterfeit label that protects every product it is affixed on, is also available. Noise Print is an anti-copy label that utilizes an advanced set of algorithms powered by an artificial neural network that verifies a product’s authenticity. However, it doesn’t stop there. Noise Print can also help trace back the origin points where fake products are known to be made.

“Today, according the European Union Agency for Law Enforcement Cooperation, counterfeiting represents 2.5% of the world’s trade, or $461 billion, and puts low-quality goods on the market, generating risks for health, well-being, security and safety,” explains Hugo Garcia-Cotte, CEO, Cypheme. “Implementing anti-counterfeiting technologies helps brands combat piracy, secure operations, enhance revenue and improve customer engagement, however they do not stop at just that, they have a much larger impact, helping shape safer societies overall.”

About Cypheme  
Cypheme is a pioneering French company focused on AI-powered anti-counterfeiting solutions. With their AI technology, Vrai AI, they aim to make counterfeit trade an unattractive activity for all people of the world. Cypheme’s technology is used in many different industries and countries to safeguard people from the negative impact of fake goods. For more information, visit https://www.cypheme.com/.

Lacoste First to Use AI-Powered Anti-counterfeiting Solution

Among the top exploited zero-day vulnerabilities were bugs found in systems from Citrix and Cisco.

Source: JUN LI via Alamy Stock Photo

The Cybersecurity and Infrastructure Security Agency is warning that the most routinely exploited vulnerabilities in 2023 were zero-days in its latest research conducted alongside global cybersecurity authorities.

These findings are a reversal from 2022, when less than half of the most exploited vulnerabilities were zero-days.

CISA's "2023 Top Routinely Exploited Vulnerabilities" report shows that threat actors continue to have success exploiting these kinds of vulnerabilities even two years after public disclosure. After this time frame, the value of the vulnerability tends to decline as patches get applied and systems are replaced.

Some of the top zero-day flaws came from vendors such as Citrix and Cisco, with vulnerabilities involving code injection bugs (CVE-2024-3519), privilege escalation (CVE-2023-20198), and buffer overflow (CVE-2023-4966).

To combat exploitation from threat actors, CISA is urging organizations to check for signs of compromise and keep up with patching CVEs. However, even this may not be enough. Three other tools that CISA recommends are endpoint detection and response (EDR), Web application firewalls, and network protocol analyzers. 

As to why zero-days were among the top exploited, many individuals in the cybersecurity community argued that it's because the quality of software is getting worse.

Others argue that it's because cybercriminals are focusing less on sharing proof-of-concepts (PoC) on forums and more on reserving knowledge about vulnerabilities in-house.

Regardless, CISA provides a variety of mitigation resources for end users and organizations to combat these threats in its study, highlighting identity and access management, protective controls and architecture, and supply chain security.

Zero-Days Win the Prize for Most Exploited Vulns

PRESS RELEASE

WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) released its 2025–2026 International Strategic Plan, the agency’s first, which supports the agency’s first comprehensive strategic plan and aligns with the National Security Memorandum on Critical Infrastructure Security and Resilience. The International Strategic Plan focuses on how CISA will proactively engage international partners to strengthen the security and resilience of our nation’s critical infrastructure.  

“In following this plan, CISA will improve coordination with our partners and strengthen international relationships to reduce risk to the globally interconnected and interdependent cyber and physical infrastructure that Americans rely on every day,” said CISA Director Jen Easterly. 

Since the risks we face are complex, geographically dispersed and do not abide by borders, protecting and securing our cyber and physical infrastructure requires the concerted efforts of public and private partners around the globe. Our International Strategic Plan outlines three goals CISA must achieve to address the ever-changing and dynamic challenges facing America and our international partners: 

*   Bolster the Resilience of Foreign Infrastructure on Which the U.S. Depends; 
    

*   Strengthen Integrated Cyber Defense; and 
    

*   Unify Agency Coordination of International Activities.  
    

Read CISA’s International Strategic Plan to learn more.

CISA Releases Its First Ever International Strategic Plan

The consolidation folds Cybereason's endpoint detection and response (EDR) platform into Trustwave's managed security services offerings, such as managed detection and response (MDR).

Source: nespix via Adobe Stock Photo

Managed services provider Trustwave and endpoint detection and response (EDR) company Cybereason announced a definitive merger agreement on Tuesday. The merger reflects the market appetite for integrated cybersecurity solutions, as seen in Check Point's acquisition of Cyberint earlier this year.

Trustwave and Cybereason will "function independently but collaborate strategically on value-added services and capabilities," the companies said in a statement. Cybereason has a significant presence in Japan and Europe, and Trustwave is strong in the Americas and Australia.

The combined company portfolio will span managed detection and response, EDR, offensive security, security research, digital forensics and incident response, and threat intelligence services. Trustwave and Cybereason have complementary product offerings in EDR, email security, and database security.

For example, Cybereason can offer "combined EDR and MDR solutions," said Eric Gan, chairman and CEO of Cybereason said, a statement.

Together, Trustwave and Cybereason will focus on strengthening client consulting services and managed detection and response (MDR) capabilities to develop an all-in-one solution with Cybereason's EDR for midmarket organizations, as well as help customers integrate and optimize Microsoft Security. A primary areas for strategic investment is a purpose-built AI that can detect known and unknown threats with greater speed and accuracy.

Singtel acquired Trustwave in 2015 for $770 million; it sold the company to MC² Security Fund, a private equity fund sponsored by The Chertoff Group, in January of this year for $205 million. Cybereason has raised over $850 million to date from a variety of investors.

SoftBank, Cybereason's largest shareholder, will remain as the majority investor. Trustwave's current owner and MC² Security Fund will remain as a channel partner and strategic adviser.

Financial details of the merger were not disclosed. The transaction is expected to close in early 2025, pending customary closing conditions and regulatory approvals.

Trustwave-Cybereason Merger Boosts MDR Portfolio

PRESS RELEASE

NEW YORK, Oct. 30, 2024 /PRNewswire/ -- Industrial manufacturers ranked network security as their top cybersecurity investment to guard against adverse cyber events, according to a recent State of Technology in Manufacturing survey by global technology intelligence firm ABI Research. With increasingly connected and digitized industrial assets providing ever more information about processes and workforce, manufacturers are focusing their security on network security technologies such as authentication and access control. Coupled with a growing body of industrial-focused security regulation and an expanding cybercrime element (for whom data in discrete manufacturing processes are extremely high value), this puts pressure on manufacturers to safeguard their operations better.

Network breaches can have significant repercussions on industrial manufacturers. Unplanned downtime impacts production, which could lead to revenue loss or potential regulatory liability for data breaches. In Europe alone, three regulatory instruments impose financial penalties for non-compliance: the General Data Protection Regulations, the NIS2 Directive, and the Cyber Resilience Act.

"Industrial manufacturers are one of the top targeted sectors by threat actors. Not only is counterfeiting in contract manufacturing rife, but ransomware is a prevalent threat," says Michela Menting, Senior Research Director. "Supply chain vulnerabilities and social engineering constitute important vectors for threat actors, and manufacturers are understandably concerned about security as they increasingly connect their industrial assets to operational networks."

Demand for cybersecurity solutions focused on operational technologies is growing quickly as a result, with ABI Research forecasting a US$2 billion market globally in 2024. Much of it is driven by demand for network security and segmentation technologies. This correlates with the survey findings, with manufacturers citing network security solutions such as access control, authentication, and threat detection as their top security investments.

These findings are from ABI Research's Industrial and Manufacturing Survey 1H 2024: Cybersecurity Impacts and Investments report. This report is part of the company's OT Cybersecurity research service, which includes research, data, and ABI Insights.

About ABI Research

ABI Research is a global technology intelligence firm delivering actionable research and strategic guidance to technology leaders, innovators, and decision makers around the world. Our research focuses on the transformative technologies that are dramatically reshaping industries, economies, and workforces today.

ABI Research是一家国际科技情报公司，为全球科技领袖、创新人士和决策者提供实用的市场研究和战略性指导。我们密切关注一切为各行各业、全球经济和劳动市场带来颠覆性变革的创新与技术。

For more information about ABI Research's services, contact us at +1.516.624.2500 in the Americas, +44.203.326.0140 in Europe, +65.6592.0290 in Asia-Pacific, or visit www.abiresearch.com.

You May Also Like

Latest News