Two Mideast nations that were at odds until recently have announced the "Crystal Ball" project, aimed at better protecting against cyberattacks via collaboration and knowledge sharing.

In a watershed moment for two once-fractious regional neighbors, the United Arab Emirates (UAE) and Israel are to work together on a threat intelligence-sharing platform to battle cybersecurity threats.

Announced this week, the “Crystal Ball” project is a digital platform for detecting and repelling hackers via collaboration and knowledge sharing around national-level cyberthreats. It was described as being enabled to "design, deploy and enable regional intelligence enhancement," according to a presentation slide seen during this week's Tel Aviv Cyber Week.

The project will be backed by Microsoft, Israel's Rafael Advanced Defense Systems, and Abu Dhabi's CPX, and an unspecified number of countries will also participate, according to The Circuit.

**The Need for a Joined-up Response**

Emirati cybersecurity chief Mohamed Al Kuwaiti said the platform will enable partner countries to "easily and seamlessly share information," and will be strengthened by the combination of the countries' joint abilities, processing power, and a high volume of data.

In an address to the Cyber Week conference, Al Kuwaiti said, "Cyber threats do not distinguish between nations, do not distinguish between entities or people, and that is why we need to unite against those threats. The Crystal Ball that we are aiming for the whole community will be the first step toward that."

Nadir Izrael, co-founder and CTO of Armis, says he welcomes the joint effort in the Middle East because he is "a strong believer that nations need to work together to develop a comprehensive and effective response to cyber warfare, in order to build a more secure and resilient world."

He adds: "As we saw with the cyberattacks on Israel this late April, coordinated efforts from groups associated with Iran and Russia are looking to increase geopolitical tensions and create instability amongst citizens. In a world that has become polarized, it is a must to invest in cybersecurity measures to protect whole nations from these kinds of attacks."

Izrael also noted that the Crystal Ball project should be a model for others. "Governments and organizations need to take threats seriously, and allocate resources to build robust and resilient cybersecurity systems," he says. "Those advanced systems will allow for threat intelligence, which can help detect malicious behavior and stop an attack even before it happens."

**Improved Diplomatic Relations**

Al Kuwaiti said the UAE's connection with Israeli tech companies has been especially helpful in his country's transition to a digital economy, after the UAE and Israel normalized diplomatic relations as part of the September 2020 Abraham Accords, leading to the bolstering of both commercial and strategic ties between the countries.

Ryan Westman, senior manager of threat intelligence at eSentire, says the collaboration of threat intelligence sharing between Israel and the UAE will be key to better securing the region. "In general, any information-sharing agreement will likely benefit organizations in the countries covered, as the more insights we have on threats and vulnerabilities to organizations, the better the job we can do at responding to those the risk those threats and vulnerabilities present," he says. "By sharing information on those threats and vulnerabilities, the easier it is for security teams to respond to the risks." 

He notes that while information sharing and analysis centers (ISACs) have existed for some time now and are not novel, the collaboration between two states that used to be at geopolitical odds is notable.

"Partnerships like this can have a wider impact, improving the security posture for everyone, because it makes it easier to detect potential issues in the wider threat landscape," he says. "Working together in this way benefits everyone, whether they are in the two countries concerned or in others within the region."

UAE, Israel Ink Pivotal Joint Cyber-Threat Intelligence Agreement

Swiss intelligence warns that Russia ramping up cyberattacks on infrastructure and cyber espionage as on-the-ground options evaporate.

Russia's diminishing position on the world stage has limited its physical options on the ground both for kinetic attacks and traditional spycraft — leaving Putin's regime increasingly reliant on cybercrime to carry out its oppositional activities against Ukraine and the rest of the West.

Switzerland's Federal Intelligence Service (FIS) released its 2023 security assessment on June 26 predicting that Russia will increasingly launch cyberattacks on critical infrastructure as part of its war strategy not just in Ukraine, but against NATO member states as well.

It also pointed to Moscow's dwindling human spy apparatus — and few options for shoring it up — as driving an uptick in cyber activity.

**Russia's Cybercrime Spree, a Spark for WWIII?**

Although neutral Switzerland maintains some distance from the direct impact of Russian cyberattacks, the FIS is concerned about follow-on affects within its borders.

Worryingly, the report assesses that cyberattacks on NATO-member state infrastructures could ultimately trigger the North American Treaty's Article 5 commitments to join in war against any nation that attacks a member state. The FIS added that NATO has suggested in the past that a cyberattack on critical infrastructure could, in fact, be considered a trigger under Article 5, kicking off a third world war.

In late March, evidence was leaked by Russian contractor NTC Vulkan detailing how Russian intelligence agencies use private companies to launch cyber threat campaigns across the world. The documents included materials for trainings run by Vulkan on how to takeover railroads and power plants.

Cyber threats to critical infrastructure fall into two categories, according to the FIS report: direct cyber attacks against infrastructure; and ransomware attacks that could potentially hobble supply chains.

"Attacks against critical infrastructure have widespread impacts," Timothy Morris, chief security advisor with Tanium tells Dark Reading. "Damage can run the gamut from disruptive inconveniences to economic stress to catastrophic life altering or threatening impacts. Also, collateral damage can happen with cyberattacks, as often happens with kinetic warfare."

Dangerously, throughout the Russian war against Ukraine, many ransomware attacks against infrastructure are being carried out by non-state actor threat groups, making their actions often unpredictable. Erratic behavior by a threat group not directly affiliated with the Russian state could cause a miscalculation in attributing a cyberattack, or prompting unnecessary escalation of hostilities," the FIS warned.

"The activities of non-state actors engaged in the war are still the main problem," the report said. "The threat and the unpredictability which such activities give rise to should not be underestimated, even if these threat actors have so far attracted more attention by announcing their intentions that by carrying them out."

The challenge in protecting critical infrastructure across multiple nations is a lack of common rules, according to John Anthony Smith, CEO of Conversant Group. 

"There are widely varying degrees of cyber defenses in place across these critical infrastructure sectors and entities, since the entities protecting critical infrastructure as well as providing oversight include both private and public sector organizations: no one agency or institution provides guidance, rules, or controls on how cybersecurity is conducted, tested, and configured," Smith explains.

**Russian Cyberespionage Supplants Real Spies**

Russian cyber threat actors are also increasingly responsible for gathering intelligence in lieu of actual human operatives on the ground, according to the report. The FIS noted that the phenomenon dates as far back as 2018 and the attempted murder of Sergei Skripal, a former Russian intelligence officer living inside the UK and acting as a double agent for the West.

The poisoning started an expulsion of Russian diplomats and intelligence officers from throughout the world that has continued in force since the invasion of Ukraine in February 2022. Mistrust of Russian diplomats, many of whom were declared _persona non grata_ by Western governments, will have a hard time recruiting and developing new sources and operating for years to come, the FIS added — meaning that cyber espionage and advanced persistent threats will have to fill the gap.

"The Russian leadership's war of aggression against Ukraine has made the work of its intelligence services more important, but at the same time has made it harder to operate," the FIS report said.

Callie Guenther, cyber threat researcher with Critical Start noted in response to the FIS assessment that the correlation between expelling spies and increased cyber espionage would be difficult to verify but sounds reasonable.

"While there's no direct evidence linking the expulsion of spies to an uptick in digital espionage, it's plausible that countries compensate for lost physical assets by enhancing their cyber intelligence efforts," Guenther tells Dark Reading. "Increased digital espionage poses significant threats, potentially disrupting vital infrastructure and leading to serious societal and economic consequences, compromising national security, and even triggering an act of war."

**Russian Intelligence Eyeing AI and Machine Learning**

The increasing digitization of information coupled with the capabilities of artificial intelligence and machine learning will lure cyberattackers to massive stashes of data stored by organizations like financial services providers, social media platforms, hotels, and critical infrastructure operators, the FIS warned.

The promise of accessing this breadth of sensitive data is also driving investments in AI and ML cyber threat intelligence capabilities by Russia, as well as by China and Iran, the FIS added.

Troves of stolen sensitive data could be used in a variety of ways by authoritarian governments, including to harass and intimidate opposition activists, interfere in elections, circumvent sanctions to buy and sell goods, and more the FIS report added.

Democracies are urged by the FIS to get ahead of Russian, Iranian, and Chinese intelligence services' implementation of espionage AI and ML tools by starting to regulate now.

"For states governed by democracy and the rule of law, this means, among other things that there is an urgent need to legislators and supervisory bodies to take a detailed look at the use of these capabilities," the report said.

It's incumbent on the cybersecurity community to be aware of the emerging cybersecurity tools used in warfare, Darren Guccione, CEO of Keeper Security, explains to Dark Reading about the FIS assessment.

"Cybersecurity is both national and international security, and must be prioritized as such," he says. "In the digital age, it's clear that cyber and traditional warfare tactics will continue to converge as threat actors use cyberattacks to both support and supplement physical attacks."

Russian Spies, War Ministers Reliant on Cybercrime in Pariah State

Enterprises can now integrate 1Password with Duo, OneLogin, JumpCloud, Ping Identity, and more.

**TORONTO****,** **June 28, 2023** **/PRNewswire/ --** 1Password, the leader in human-centric security and privacy, today announced the availability of Unlock with Single Sign-On (SSO) for additional identity providers with the new generic OpenID Connect (OIDC) configuration for 1Password Business. Business customers can now integrate 1Password with more identity providers like Duo, OneLogin, JumpCloud, and Ping Identity, to strengthen their existing security infrastructure, enforce stronger and auditable security policies from their identity provider, and allow employees to easily access their passwords and sensitive information.

"While the single sign-on provider protects logins for approved apps that are specifically added to them, 1Password protects virtually everything else," said Steve Won, chief product officer at 1Password. "Making the easy thing the secure thing is at the core of everything we do, and unlocking 1Password with SSO benefits IT teams, employees, and businesses in that regard. Enterprises can continue to secure their employees, no matter how they need to sign in."

The OIDC identity protocol is a modern, secure identity layer built on top of the OAuth 2.0 protocol. It is simpler, more flexible, and includes support for native and mobile applications. Building a generic OIDC configuration has allowed 1Password to offer secure support for many providers at once using the same underlying zero-knowledge architecture, encryption, and trusted device model as Unlock with Okta and Azure AD.

*   **Unlock 1Password with your SSO identity provider**: Vaults can now be unlocked with a single click via SSO, with zero-knowledge architecture and end-to-end encryption.
*   **Set fine-grained permissions and customizable access controls**: Pair 1Password with existing identity and access management (IAM) infrastructure to simplify adoption, enable secure sharing, and strengthen auditing, compliance, and reporting workflows.
*   **Easy, secure access to passwords and sensitive information**: 1Password's integration with additional identity providers allows employees to authenticate 1Password without an account password and access their vaults in a single click.

"Unlocking 1Password with single sign-on has been a game changer for our organization. We pride ourselves on maximizing security and minimizing friction for our users, and with this capability, we've accomplished both of these goals," Jason Waits, CISO at Inductive Automation. "By eliminating the need to remember a separate password for 1Password, we've made it easier for our employees to access their accounts so they can get their jobs done without compromising security. Streamlining the login process is a win for both the security team and our employees."

The news comes on the heels of Unlock with Okta and Azure earlier this year. Effective today, 1Password Business customers can unlock 1Password with identity providers that support generic OpenID Connect. For more information, visit our website.

**About 1Password** 

1Password's human-centric security keeps people safe at work and at home. Our solution is built from the ground up to enable anyone – no matter their level of technical proficiency – to navigate the digital world without fear or friction. The company's award-winning security platform is reshaping the future of authentication, including passwordless. 1Password is trusted by over 100,000 businesses such as IBM, Slack, Snowflake, Shopify, and Under Armour and protects the most sensitive information of millions of individuals and families across the globe. The company's ultimate goal is to help consumers and businesses get more done in less time – with security and privacy as a given. Learn more at 1Password.com.

SOURCE 1Password

1Password Launches Unlock With Single Sign-On for OIDC-Supported Identity Providers

Generative AI chatbots like ChatGPT are the buzziest of the buzzy right now, but the cyber community is starting to mature when it comes to assessing where it should fit into our lives.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

6 Ways Cybersecurity Is Gut-Checking the ChatGPT Frenzy

The popular package manager for software developers has been vulnerable to this attack vector for a while, and negligent in fixing the problem, according to a former employee.

A weakness in Node Package Manager (npm) could allow anybody to hide malicious dependencies and scripts within their packages, a former GitHub employee claims.

Npm is owned by GitHub and is used for JavaScript code sharing, serving more than 17 million developers. It's the world's largest software registry, containing more than 2 million packages, according to the website.

In blog post on June 27, Darcy Clarke, former staff engineering manager for npm's command line interface team, detailed a weakness in the site he named "manifest confusion."

The "confusion" arises from the fact that npm doesn't validate the metadata associated with any given package, theoretically enabling any publisher to hide certain information about their packages, including the scripts it runs and the dependencies on which it relies.

**What Is Manifest Confusion?**

Npm — and other repositories like it — has been under pressure in recent months, with more and more hackers devising novel methods to poison packages and spread their malware through the code supply chain.

Not all credit goes to the hackers, though — some npm security risks arise from the way the platform itself works, as with its lagging efforts against typosquatting, and, now, manifest confusion, Clarke said.

The problem is that npm doesn't automatically cross-reference a package's "manifest" — what users first see when they visit a package on the site — against its package.json, the standard file describing its contents. Both the manifest and package.json contain metadata including, crucially, what scripts and dependencies the package runs on.

It stands to reason, then, that they should agree with one another, but a publisher can simply manipulate a package's manifest, and npm won't notice. As a case in point, Clarke created an npm package with a manifest stripped of any evidence of the dependencies in its package.json.

Theoretically, hackers could do the same with their own packages, in order to conceal the existence of malware from unwitting software developers.

**Why npm Doesn't Validate**

Clarke posited an historical precedent for manifest confusion. "Before the node ecosystem became what it is today," he wrote, "the number of people contributing to the corpus of software you trusted to use and download was very small. With a smaller community, you have more trust, and even as the npm registry was being developed, most aspects were open source and freely available to be contributed to and code inspected."

Even today, "various references in docs.npmjs.com \[point\] to the fact that the registry stores the contents of package.json as the metadata — and nowhere does it mention that the client is responsible for ensuring consistency," Clarke explained.

Exactly why the system works this way isn't clear. At the time of publication, GitHub had not responded to Dark Reading's request for comment.

"\[Who knows\] the real reasons they chose to do validation client-side versus server-side?" says Mike Parkin, senior technical engineer at Vulcan Cyber. "It seems they chose to lean toward easier organic growth versus a path that would have given more security but would have impacted ease of use."

**No Signs Manifest Confusion Will Be Fixed Soon**

According to Clarke, GitHub has been aware of the manifest confusion weakness since at least Nov. 4 last year, and Clarke himself submitted a report on it March 9. However, "GitHub closed that ticket and said they were dealing with the issue 'internally' on March 21st," he lamented in his posting. “To my knowledge, they have not made any significant headway, nor have they made this issue public.”

But "GitHub is understandably in a tough spot," he acknowledged. "The fact that npmjs.com has functioned this way for over a decade means that the current state is pretty much codified."

Clarke, it may be noted, is the founder of an alternative website for JavaScript packages, vlt.

With no solution in sight, it will be up to developers to make sure they're not downloading anything they don't realize is in a package. Clarke recommended that developers rely only on the metadata indicated by the package's contents, not its manifest, to account for any potential discrepancies.

To Parkin, taking care around third-party code needs to be mandatory practice for any developer and organization. "That's especially true with obscure libraries, or older ones that haven't seen a lot of active development and may have been orphaned, or libraries that were recently added," he says. "While none of those factors are immediate red flags that would preclude using them in a project, they are factors that make vetting the sources even more important."

It doesn't have to be difficult, though — plenty of vendors have been working on this problem for a while.

"There are automated tools that can scan code for unusual features and obvious exploits, and those tools need to be part of the developer's toolkit," Parkin says, pointing to OWASP's list of source code analysis tools.

"Validating your packages should not be an optional step," he concludes. "Instead, it should be built into any coding project that relies on third party libraries. Full stop."

Npm Plagued With 'Manifest Confusion' Malware-Hiding Weakness

With at least 13,000 compromised devices in the data leak, it is still unknown who the threat actor is or whether or not victims will be personally notified.

LetMeSpy, an Android phone-tracking company that has been used to track more than 236,000 phones, was hacked on June 21, resulting in threat actors gaining unauthorized access to its users' data dating as far back as 2013.

The hack was discovered by a Polish security research team at Niebezpiecznik, which contacted the maker of the spyware app — but the researchers instead received a response from the threat actor, suggesting the person had taken over the LetMeSpy domain. It is unknown who the threat actor is or what the motives are. 

The phone-tracking app, designed to be hidden from the home screen of a phone in order to remain undetected, was created for and marketed toward parents to control the phone usage of minors and for employers to monitor employees. But the app can also be used in more malicious and threatening "stalkerware" ways, such as an abusive spouse planting the app in a partner's phone, allowing access to any data the stalker deems necessary. Once the app is downloaded, it uploads information — including texts, call logs, and location data — so that an individual can be tracked to a precise location.

**Target for Leaks and Hacks**

Because they have a deep level of accessibility into phone, these types of apps are targets for leaks and hacks.

"The database we reviewed contained current records on at least 13,000 compromised devices, including detailed phone records, though some of the devices shared little to no data with LetMeSpy (LetMeSpy claims to delete data after two months of account inactivity)," stated TechCrunch, which obtained a copy of the leaked data.

LetMeSpy has stated that it has notified law enforcement and its local data protection authority, UODO, but it is unknown as to whether or not it will be notifying victims who have compromised phones.

LetMeSpy Phone-Tracking App Hacked, Revealing User Data

Because social engineering usually succeeds, companies need to test whether their defenses can block adversaries that gain employees' trust.

When Alethe Denis conducts a social engineering attack as part of a red team exercise, the Bishop Fox security consultant often presents the targets with the exact email template that her team intends to use — such as a dress-code missive from human resources — and yet the attack almost always succeeds.

"They've literally seen the email template, and I've highlighted the fact in my training that HR-based pretexts are extremely common and incredibly successful — 'Here's an example of a dress-code e-mail template,'" she says. "And they go, 'Yes, yes, yes.' And then on the day that I send the campaign, at least one person clicks."

Pretext attacks and phishing have taken off as attackers have come to rely on them as an effective approach to compromising businesses, with about one in every six attacks including a social engineering component, according to Verizon's recently released "2023 Data Breach Investigations Report" (DBIR). For that reason, social engineering has also become a necessary part of red team exercises and penetration tests, and more providers are expanding their service offerings. Bishop Fox, for example, announced on June 28 that the firm had expanded its red team offerings to include social engineering attack emulation, more in-depth reporting on human-focused attacks, and the ability for customers to "ride along" to both learn from and oversee any exercises.

The goal is not only to show the potential threat that the social engineering vector poses for initial access, but to highlight how companies can react effectively following a successful attack, Denis says.

"We don't rely simply on testing humans when we're conducting social engineering," she says. "Our goal is to understand the weaknesses and then make recommendations that would allow the organization to put technical controls in place to prevent phishing and social engineering."

The shift is another way that today's red team engagements and penetration testing differ from those of a decade ago. Consultants are more focused on emulating the attackers, not just outfoxing the defenders and finding the easiest way to a business' crown jewels. In addition, penetration testing is more integrated with other security tools, such as those used by security operations centers and application security teams. And because more companies have grown accustomed to crowdsourcing, penetration-testing services now offer more frequent engagements.

**Understanding the Impact of Social Engineering**

By including social engineering in a penetration-testing engagement, companies gain the opportunity to learn about specific weak points in their training and environments, such as lax security protocols and a lack of security awareness among employees, says Chris Scott, managing partner at Unit 42 at Palo Alto Networks.

"These tests are more than just seeing if an attack could succeed, but also to discover how it could succeed within your environment," he says. "Social engineering is part of the early phases of an attack, and being able to detect and respond to these attacks is key to limiting their impact."

Attackers continue to gather more passive intelligence on their targets, prior to an attack, according to experts. While a penetration test can help you discover easily exploitable vulnerabilities, focusing on social engineering tactics will make it that much harder for an attacker to succeed, says Andrew Obadiaru, chief information security officer at crowdsourced pen-testing service Cobalt.

"Threat actors understand what motivates people to enter their credentials, reply to an email, or click a link," he says. "Mitigating endpoint security, such as social engineering, is important because it shows how people react to urgent situations and whether or not they are willing to disclose personal or intellectual information."

**Purple Is the New Black**

The ultimate reason to add social engineering to a red team exercise or penetration-testing engagement is to allow companies to uncover the unexpected ways that an attacker could parlay a simple email message into a significant compromise. Conducting tabletop exercises internally has its limits, says Erich Kron, a technical evangelist at security awareness firm KnowBe4.

"Testing yourself for vulnerabilities is a lot like grading your own homework, so it is important to have an outside view and approach to finding vulnerabilities in your organization," he says.

Thus, the "purple team" approach — where penetration testers, or red teams, work with the internal security team, or blue team — is critical, Kron adds.

"A penetration test that provides the organization with a list of vulnerabilities is far less useful than coordinating with the defensive team so they understand the vulnerabilities and how to mitigate them," he says.

Overall, companies need to make sure that their security operations can respond in the right way to a successful social engineering attack and find ways to prevent the initial compromise. Putting rules in the browser that prevent people from visiting newly registered domains and rolling out multifactor authentication are two good ways for businesses to harden their IT environments against social engineering, Bishop Fox's Denis says.

"Regimented, compliance-driven phishing exercises are great to support training efforts and security awareness training to help individuals identify when they're being manipulated," she says. "But while they're great for training purposes, they should not be relied upon for protection of the organization against social engineering."

Social Engineering Adds Depth to Red Team Exercises

The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services.

**New York, June 28, 2023** – Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding led by CRV with participation from existing investors Bessemer Venture Partners and F2 Venture Capital. This new investment brings Astrix’s total funding to almost $40 million. 

Fueled by the increased adoption of automation and generative AI initiatives, the enterprise’s connectivity to third-party applications is growing, resulting in an increase in cyber attacks targeting non-human app-to-app connections (via API keys, access tokens, service accounts, etc.) – as seen in high profile attacks against CircleCI, Mailchimp, GitHub, Microsoft, and Slack. 

Despite financial instability within the market, Astrix is experiencing exponential year-over-year growth and momentum as a leader in securing this growing threat vector. The company recently added Figma, Priceline, Bloomreach, Rapyd and many others to its customer roster and was recognized as a finalist in the 2023 RSA Innovation Sandbox contest. The business also doubled its headcount, and will use this funding to continue expanding the team in both the U.S. and Tel Aviv offices, including its research team who recently discovered GhostToken, a critical 0-day vulnerability in the Google Cloud Platform. 

“We founded Astrix to close a significant and unaddressed security gap, by allowing security teams to extend access management and threat detection to the non-human identity layer,” said Alon Jackson, CEO and co-founder at Astrix. “It’s amazing to experience the tremendous adoption by security teams, as well as see Astrix’s capabilities become essential to their every-day security arsenal. We look forward to continuing to expand our capabilities and partnerships, allowing organizations to truly reap the benefits of third-party services, especially Gen-AI apps, without compromising security.”

The enterprise environment depends on a vast web of interconnected apps, supported with an average of 10,000 app-connections for every 1,000 employees. More so, with AI-powered apps being downloaded 1506% more than last year, and often connected by employees across departments without the security team’s knowledge, having visibility and governance into every third-party connection is virtually impossible. While existing solutions focus on securing user-connections, Astrix is the first solution to focus on securing app-connections, allowing the enterprise to ensure their core systems are securely connected to each other and to third-party services.

“As a growing threat vector, there has been a shift in the market to focus on third-party connectivity,” said James Green, General Partner at CRV. “Astrix caught our eye for their innovative approach to extending IAM and threat detection to all non-human identities, giving unprecedented capabilities to manage the growing API-based third-party attack surface across all environments.”

“Partnering with Astrix from inception, we’ve seen the vast impact they’ve had on the industry in a short amount of time,” said Amit Karp, Partner at Bessemer Venture Partners. “From raising awareness to this growing attack surface to supporting some of the leading companies in the world, we’re excited for what’s to come as Astrix expands and continues protecting customers from the next supply chain attack.”

“The progress Astrix has made from seed funding to now is incredible,” said Jonathan Saacks, Managing Partner at F2 Venture Capital. “The company has made a mark on the industry already, and with the wealth of knowledge and experience from this team, we are confident they will continue to be the security asset every business needs and relies on in their toolbox.”

The Astrix Security Platform is the first solution to provide holistic visibility into all non-human connections and identities. Astrix provides a consolidated, comprehensive view of all the internal and third-party integrations within a business environment, as well as all access keys in use (i.e., API keys, OAuth tokens, service accounts, and webhooks) and the permissions and level of access granted to each one. With Astrix, businesses can extend their identity threat detection and response capabilities to non-human identities by continuously running behavioral analysis of internal and third-party apps connected to core SaaS, IaaS and PaaS systems to detect anomalies that may indicate compromised access tokens and automatically remediate risky connections.

**About Astrix Security**

Founded in Tel Aviv in 2021, Astrix Security helps cloud-first companies defend against a new generation of supply chain attacks. Astrix provides holistic visibility into all non-human connections and identities – automatically detecting and remediating over-privileged, unnecessary, misbehaving and malicious app-to-app connections to prevent supply chain attacks, data leaks and compliance violations. Led by two veterans of the Israel Defense Force 8200 military intelligence unit, CEO Alon Jackson and CTO Idan Gour, Astrix’s team is rapidly expanding. Astrix has raised nearly $40M in funding, with a Series A led by CRV, and additional investments from Bessemer Venture Partners, F2 Venture Capital, Venrock and Kmehin Ventures. Learn more at https://astrix.security or follow us on LinkedIn.

**About CRV**

CRV is a venture capital firm that invests in early-stage startups. Since 1970, the firm has invested in more than 500 startups at their most crucial stages, including Airtable, DoorDash and Vercel. Founders need more than capital to build a great company. It takes a partner who understands the entrepreneurial journey and knows what it takes to win. From founding to IPO and beyond, CRV is there every step of the way. Founders rely on CRV to be trusted, long-term, committed partners, which has helped make CRV into one of the longest-running venture capital firms in the world. Learn more about CRV and the companies shaping the future at https://www.crv.com.

**About Bessemer Venture Partners** 

Bessemer Venture Partners helps entrepreneurs lay strong foundations to build and forge long-standing companies. With more than 145 IPOs and 300 portfolio companies in the enterprise, consumer and healthcare spaces, Bessemer supports founders and CEOs from their early days through every stage of growth. Bessemer’s global portfolio has included Pinterest, Shopify, Twilio, Yelp, LinkedIn, PagerDuty, DocuSign, Wix, Fiverr, and Toast and has $20 billion of assets under management. Bessemer has teams of investors and partners located in Tel Aviv, Silicon Valley, San Francisco, New York, London, Hong Kong, Boston, and Bangalore. Born from innovations in steel more than a century ago, Bessemer’s storied history has afforded its partners the opportunity to celebrate and scrutinize its best investment decisions (see Memos) and also learn from its mistakes (see Anti-Portfolio). 

**About F2**  

F2 Venture Capital is a Tel Aviv-based VC firm that invests in early-stage technology companies on the cutting edge.

Our team members have been investors, operators, and engineers in startups and multinational giants that changed the game over the last twenty years. With $500 million assets under management and personalized support, F2 powers visionary founders on their bold missions.

F2 also operates Israel’s most active pre-seed investment platform, to back founders with guidance, network, and capital from day zero. More details @ www.f2vc.com

Astrix Security Raises $25M in Series A Funding

The combination of data science expertise, cloud resources, and Cato's vast data lake enables real-time, ML-powered protection against evasive cyberattacks, reducing risk and improving security.

**TEL AVIV, Israel, June 27, 2023** — Cato Networks, provider of the world's leading single-vendor SASE platform, introduced today real-time, deep learning algorithms for threat prevention as part of Cato IPS. The algorithms leverage Cato's unique cloud-native platform and vast data lake to provide highly accurate identification of malicious domains, which are often used in phishing and ransomware attacks. In testing, the deep learning algorithms identified nearly six times more malicious domains than reputation feeds alone. Cato's Security Research Manager, Avidan Avraham, and Cato Data Scientist Asaf Fried presented on the use of machine learning to detect C2 communications at the AWS Summit in Tel Aviv.

**Tapping Deep Learning to Stop Phishing and Ransomware Attacks**

Real-time identification of malicious domains and IPs is essential to stopping phishing, ransomware, and other cyber threats. The traditional approach – relying on domain reputation feeds to categorize and identify malicious domains – has proven far too inaccurate as domain generation algorithms (DGAs) enable attackers to quickly generate new domains, which lack reputation. At the same time, users continue to click through to malicious domains mimicking well-known brands (such as microsoftt\[dot\]com or amazonlink\[dot\]online) whose lack of reputation also makes detection by reputation feeds alone unreliable. 

Cato's real-time, deep-learning algorithms address both problems. The algorithms prevent access to DGA-registered domains by identifying those new domains infrequently visited by users and with letter patterns common to DGAs. They block cybersquatting by hunting for domains with letter patterns similar to well-known brands. And the algorithms stop brand impersonation by examining parts of the webpage, such as the favicon, images, and text. 

These radical advancements in network security are enabled by the cloud-native architecture of Cato’s technology. Real-time deep learning algorithms require significant compute resources to avoid disrupting the user experience. The Cato SASE Cloud provides those resources. In milliseconds, Cato inspects flows, extracts their destination domain, measures the domain's risk, and infers the necessary results from the traffic without disrupting the user experience. 

At the same time, deep learning models need extensive training data. The massive data lake underlying Cato SASE Cloud provides that resource. Built from the metadata of every flow traversing Cato and further enriched by 250+ threat intelligence feeds, the deep learning algorithms benefit from analyzing patterns across all Cato customers. Those insights are further enhanced by custom analyses derived from customers' traffic—the result: precise, algorithmic identification of suspicious domains. 

**Real-time Deep Learning Yields 6X Improvement in Threat Detection**

Cato Research Labs routinely observes tens of millions of network connection attempts to DGA domains from across the 1700+ enterprises using the Cato SASE Cloud. For example, of the 457,220 network connection attempts to DGA domains made in a sample period, only 66,675 (15 percent) were listed in the 250+ threat intelligence feeds consumed by Cato. By contrast, Cato algorithms identified the rest, over 390,000 additional DGA domains, a nearly six-fold improvement.

**Real-time, Deep Learning: Just One Part of Cato’s Multitiered Security Protection **

Cato's real-time, deep learning algorithms are not the only way Cato detects and stops threats. The Cato SASE Cloud's combination of SWG, NGFW, IPS, NGAM, CASB, DLP, RBI, and ZTNA provides multitiered protection against exploitations, disrupting cyberattacks at multiple points in MITRE's ATT&CK Framework.

The deep learning algorithms are the latest AI and ML additions to the Cato SASE Cloud. Cato has long used machine learning for offline analysis to solve problems at scale, such as OS detection, client classification, and automatic application identification. ChatGPT is also used in various ways, including automatically generating descriptions of threats for Cato's threat catalog. 

To learn more about Cato and its security capabilities, visit https://www.catonetworks.com/security-service-edge/.

**Supporting Quotes**

**Elad Menahem, senior director of security, Cato Networks**

"ML and AI are essential to defending against the ever-evolving, sophisticated, and evasive cyber-attacks. But that’s easier marketed than done,” says Elad Menahem, senior director of security at Cato Networks. “ML algorithms must be trained and re-trained on high-quality data to provide value. Cato’s data lake provides an enormous advantage in that area. Its convergence of rich networking data and security sources, coupled with its sheer scale, enables Cato to train algorithms in unique ways. Our current work is only the start of AI and ML innovation.” 

**Asaf Fried, Data Scientist, Cato Networks**

"Real-time ML must be continuously trained and updated to deal effectively with evasive attacks. A SASE cloud allows training on quality data at scale and continuous updates. Appliance-based solutions can’t offer either, making enterprises who rely on them for their network security an easier target."

**Supporting Resources**

*   Read Cato Blog 
*   Read about Elad Menahem
*   Read about Asaf Fried

*   For more information about Cato's news and activities, follow the company via Twitter, LinkedIn, Facebook, Instagram, and YouTube. 

**About Cato Networks**  
Cato provides the world's most robust single-vendor SASE platform, converging Cato SD-WAN and a cloud-native security service edge, Cato SSE 360, into a global cloud service. Cato SASE Cloud optimizes and secures application access for all users and locations everywhere. Using Cato, customers easily replace costly and rigid legacy MPLS with modern network architecture based on SD-WAN, secure and optimize a hybrid workforce working from anywhere, and enable seamless cloud migration. Cato enforces granular access policies, protects users against threats, and prevents sensitive data loss, all easily managed from a single pane of glass. With Cato, businesses are ready for whatever's next.

Cato Networks Revolutionizes Network Security With Real-Time, Machine Learning-Powered Protection

Survey also uncovers 63% of respondents distrust ChatGPT while 51% question AI's ability to improve Internet safety.

**SANTA CLARA, Calif.****,** **June 27, 2023** **/PRNewswire/ --** Malwarebytes, a global leader in real-time cyber protection, today released the results of its consumer pulse survey, exposing deep reservations about ChatGPT, with optimism in startlingly short supply.

"An AI revolution has been gathering pace for a very long time, and many specific, narrow applications have been enormously successful without stirring this kind of mistrust," said Mark Stockley, Cybersecurity Evangelist at Malwarebytes. "At Malwarebytes, Machine Learning and AI have been used for years to help improve efficiency, to identify malware and improve the overall performance of many technologies. However, public sentiment on ChatGPT is a different beast and the uncertainty around how ChatGPT will change our lives is compounded by the mysterious ways in which it works."

The survey findings indicate that ChatGPT has a trust issue. Only 10% surveyed agreed with the following statement, "I trust the information produced by ChatGPT," while 63% disagreed. Similar sentiment was held among respondents in relation to accuracy with only 12% agreeing with the statement, "the information produced by ChatGPT is accurate," while over half (55%) disagreed.

Beyond concerns around trust and accuracy, a resounding 81% of respondents believed ChatGPT could be a possible safety or security risk with 52% of respondents calling for a pause on ChatGPT work for regulations to catch up – echoing similar tech luminary concerns voiced earlier this year. 

**Key Findings**

Despite the avalanche of ChatGPT media coverage and online chatter, only 35% of respondents agreed with the statement "I am familiar with ChatGPT," significantly less than the 50% that disagreed.

Of those who said they were familiar with ChatGPT:

*   12% agree the information produced by ChatGPT is accurate
*   81% are concerned about possible security and safety risks
*   63% distrust ChatGPT information
*   51% question whether AI tools can improve internet safety 
*   52% want ChatGPT developments paused in order for regulations to catch up

To read the full findings, visit our blog: www.malwarebytes.com/blog/news/2023/06/chatgpt.

To read more about the latest threats and cyber protection strategies, visit our newsroom, or follow us on Facebook, Instagram, LinkedIn, TikTok, and Twitter.

**Survey Methodology**

Malwarebytes conducted a pulse survey of its newsletter readers across the globe between May 29 and May 31, 2023, via the Alchemer Survey platform. In total, 1449 people responded.

**About Malwarebytes**

Malwarebytes believes that when people and organizations are free from threats, they are free to thrive. Founded in 2008, Malwarebytes CEO Marcin Kleczynski had one mission: to rid the world of malware. Today, Malwarebytes' award-winning endpoint protection, privacy and threat prevention solutions along with a world-class team of threat researchers protect millions of individuals and thousands of businesses across the globe daily. Malwarebytes solutions are consistently recognized by independent tests including MITRE Engenuity, MRG Effitas, AVLAB and AV-TEST (consumer and business). Customers award Malwarebytes for being the most implementable and most usable endpoint protection product with the best results on G2 and Gartner Peer Insights. The company is headquartered in Californiawith offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.

Source

DARKReading