Stellar leverages cyber physical system detection and response (CPSDR) to prevent unexpected system changes from impacting operational reliability and availability.

**IRVING, Texas & TAIPEI, Taiwan --** (BUSINESS WIRE) — TXOne Networks, a leader in industrial cybersecurity, announced its Stellar solution for defending operational stability. Employing TXOne Networks’ unique approach to security, Cyber-Physical System Detection and Response (CPSDR), Stellar supports the priorities of security and operations without either team having to sacrifice capability or performance. Already protecting customers in semiconductors, manufacturing, oil and gas, automotive, pharmaceuticals and other many other industries, Stellar is the first solution to offer seamless detection and prevention capabilities with complete oversight for legacy and new OT devices. With intuitive management and informed automation, implementation is quick and simple while remaining non-impacting to resource-restricted devices.

The behavioral patterns of the OT devices and cyber-physical systems on plant floors are automatically established and continuously monitored. Even a single abnormal interaction demands scrutiny that common cybersecurity approaches borrowed from information technology (IT) are often not designed to recognize or address. Stellar, however, analyzes the baseline “fingerprints” of each individual device to reveal _any_ unexpected behavior that threatens reliable and stable operations. The TXOne Networks solution then prevents the unexpected change and generates alerts to complete wider analysis. In this way, Stellar is not limited to combatting known threats; rather, by leveraging TXOne Networks’ OT-native CPSDR capabilities, Stellar’s stability-driven approach addresses unexpected system changes before operations can be impacted.

Stellar consists of an agent that works with an organization’s OT devices and a centralized management console that streamlines management and policy control. A comprehensive OT-context-focused database, which TXOne Networks maintains in partnership with leading device original equipment manufacturers (OEMs), informs the accurate identification and preservation of more than 8,000 OT/industrial control system (ICS) applications, certificates and devices.

To balance the priorities of security and operations teams, Stellar delivers complete protection of operational environments and the OT devices that they comprise of, including:

*   Multi-method threat prevention to secure OT/ICS devices from malware and abuse threats

*   Operations behavior anomaly detection to prevent malware-free attacks

*   Operation lockdown to safeguard operational integrity, reduce the chance of downtime and reduce the requirements for outages (especially valuable for “non-patchable” systems)

*   Trusted control of USB devices to protect against their unauthorized access

"An increasing number of organizations today recognize OT operations as pivotal hubs for generating business value," stated Terence Liu, the Chief Executive Officer of TXOne Networks. "Numerous prominent industry leaders across diverse sectors are already entrusting our Stellar Endpoint security solution to safeguard their critical assets. With the introduction of the CPSDR feature in Stellar 3.0, enterprises can uphold operational stability and proactively mitigate unforeseen threats."

Learn more about Stellar. Follow TXOne Networks on Blog, Twitter, and LinkedIn.

**About TXOne Networks**

TXOne Networks offers cybersecurity solutions that ensure the reliability and safety of industrial control systems and operational technology environments. TXOne Networks works together with both leading manufacturers and critical infrastructure operators to develop practical, operations-friendly approaches to cyber defense. TXOne Networks offers both network-based and endpoint-based products to secure the OT network and mission-critical devices using a real-time, defense-in-depth approach. www.txone.com

TXOne Networks' Stellar Solution Safeguards Operational Stability for Organizations in Various Industries

Key findings from the research also show three of the four new malware threats on this quarter's top-ten list originated in China and Russia, living-off-the-land attacks on the rise, and more.

**SEATTLE – June 28, 2023 –** WatchGuard® Technologies, a global leader in unified cybersecurity, today announced the findings of its latest Internet Security Report, detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers in Q1 2023. Key findings from the data show phishers leveraging browser-based social engineering strategies, new malware with ties to nation states, high amounts of zero day malware, living-off-the-land attacks on the rise, and more. This edition of the report also features a new, dedicated section for the Threat Lab team’s quarterly ransomware tracking and analysis.

"Organizations need to pay more active, ongoing attention to the existing security solutions and strategies their businesses rely on to stay protected against increasingly sophisticated threats," said Corey Nachreiner, chief security officer at WatchGuard. "The top themes and corresponding best practices our Threat Lab have outlined for this report strongly emphasize layered malware defenses to combat living-off-the-land attacks, which can be done simply and effectively with a platform for unified security run by dedicated managed service providers."

Among its most notable findings, the Q1 2023 Internet Security Report reveals:

*   **New browser-based social engineering trends –** Now that web browsers have more protections preventing pop-up abuse, attackers have pivoted to using the browser notifications features to force similar types of interactions. Also of note from this quarter’s top malicious domains list is a new destination involving SEO-poisoning activity.
*   **Threat actors from China and Russia behind 75% of new threats in the Q1 Top 10 list –** Three of the four new threats that debuted on our top ten malware list this quarter have strong ties to nation states, although this doesn’t necessarily mean those malicious actors are in fact state-_sponsored_. One example from WatchGuard’s latest report is the Zusy malware family, which shows up for the first time in the top 10 malware list this quarter. One Zusy sample the Threat Lab found targets China’s population with adware that installs a compromised browser; the browser is then used to hijack the system’s Windows settings and as the default browser.
*   **Persistence of attacks against Office products, End-of-Life (EOL) Microsoft ISA Firewall –** Threat Lab analysts continue to see document-based threats targeting Office products in the most widespread malware list this quarter. On the network side, the team also noticed exploits against Microsoft’s now-discontinued firewall, the Internet Security and Acceleration (ISA) Server, getting a relatively high number of hits. Considering this product has long been discontinued and without updates, it is surprising to see attackers targeting it.
*   **Living-off-the-land attacks on the rise –** The ViperSoftX malware reviewed in the Q1 DNS analysis is the latest example of malware leveraging the built-in tools that come with operating systems to complete their objectives. The continued appearance of Microsoft Office- and PowerShell-based malware in these reports quarter after quarter underscores the importance of endpoint protection that can differentiate legitimate and malicious use of popular tools like PowerShell.
*   **Malware droppers targeting Linux-based systems –** One of the new top malware detections by volume in Q1 was a malware dropper aimed at Linux-based systems. A stark reminder that just because Windows is king in the enterprise space, this doesn’t mean organizations can afford to turn a blind eye to Linux and macOS. Be sure to include non-Windows machines when rolling out Endpoint Detection and Response (EDR) to maintain full coverage of your environment.
*   **Zero day malware accounting for the majority of detections –** This quarter saw 70% of detections coming from zero day malware over unencrypted web traffic, and a whopping 93% of detections from zero day malware from encrypted web traffic. Zero day malware can infect IoT devices, misconfigured servers, and other devices that don’t use robust host-based defenses like WatchGuard EPDR (Endpoint Protection Detection and Response).  
*   **New insights based on ransomware tracking data –** In Q1 2023, the Threat Lab tallied 852 victims published to extortion sites and discovered 51 new ransomware variants. These ransomware groups continue to publish victims at an alarmingly high rate; some are well-known organizations and companies in the Fortune 500. (Stay tuned for more ransomware tracking trends and analysis as part of WatchGuard’s quarterly Threat Lab research in future reports!)

Consistent with WatchGuard’s Unified Security Platform® approach and the WatchGuard Threat Lab’s previous quarterly research updates, the data analyzed in this quarterly report is based on anonymized, aggregated threat intelligence from active WatchGuard network and endpoint products whose owners have opted to share in direct support of WatchGuard’s research efforts.   
New for this Q1 2023 analysis, the Threat Lab team has updated the methods used to normalize, analyze, and present the report findings. While previous quarterly research results have primarily been presented in the aggregate (as global total volumes), this quarter and going forward the network security results will be presented as “per device” averages for all reporting network appliances. The full report includes additional detail around this evolution and the rationale behind the updated methodology, as well as details on additional malware, network, and ransomware trends from Q1 2023, recommended security strategies, critical defense tips for businesses of all sizes and in any sector, and more.

For a more in-depth view of WatchGuard’s research, read the complete Q1 2023 Internet Security Report here.

**About WatchGuard Technologies, Inc.**

WatchGuard® Technologies, Inc. is a global leader in unified cybersecurity. Our Unified Security Platform® approach is uniquely designed for managed service providers to deliver world-class security that increases their business scale and velocity while also improving operational efficiency. Trusted by more than 17,000 security resellers and service providers to protect more than 250,000 customers, the company’s award-winning products and services span network security and intelligence, advanced endpoint protection, multi-factor authentication, and secure Wi-Fi. Together, they offer five critical elements of a security platform: comprehensive security, shared knowledge, clarity & control, operational alignment, and automation. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter (@WatchGuard), on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.

_WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners._

WatchGuard Threat Lab Report Reveals New Browser-Based Social Engineering Trends

More than 950,000 job postings for tech positions in Q4 2022.

**London, June 28, 2023 –** While Europe continues to deal with regional economic issues including the effects of inflation and the ongoing conflict in Ukraine, businesses in multiple industries still need technology workers, research by CompTIA, the nonprofit association for the technology industry and workforce, finds.

Employer job postings for technology positions in 11 countries totaled more than 950,000 in Q4 2022, the most recent available data, according to CompTIA's latest "European Tech Hiring Trends" report.

“Skilled tech workers are very much in high demand across the continent, creating new employment opportunities for people who are looking to enter the technology workforce for the first time and for those who are seeking new challenges,” said Graham Hunter, executive vice president, global sales, CompTIA. “This report also shows how critical professional certification programs are to the tech industry and companies in a wide variety of industries.”

Tech employment opportunities are available at every career stage. Among all tech job postings, 35% of employers sought candidates with 0 to 2 years of work experience. The search for tech workers in their early career stage was even more pronounced in Romania (57% of all tech job postings) and Ireland (54%). Across all 11 countries employers specified 3 to 10 years of experience for 10% of job postings and 11 or more years for 13% of openings.

Job postings were widely dispersed geographically, with the largest numbers in Germany (411,743), France (217,480) and Poland (60,532).

Companies in the information and communication industry listed the most job postings, but hiring interest was also strong among firms in professional, scientific and technical services, manufacturing, administrative and support services, and financial and insurance sectors.

Positions in software development, programming and web development had the highest volume of job postings in Q4 2022 (353,293). Demand was also strong for systems analysts and cybersecurity professionals (284,215), IT support specialists and technicians (113,427) and network and systems administrators and technicians (113,394).

The report’s breakdown of data by individual countries highlights both the commonalities and uniqueness of tech employment in each market.

Software development and programming topped the list of job role categories in 10 of 11 countries included in the report, with Germany (142,956), France (72,653) and Poland (32,921) taking the top three spots. Italy was the exception, where employers focused their talent search on cybersecurity professionals and systems analysts.

The "European Tech Hiring Trends" report is based on CompTIA's analysis of employer job posting data aggregated by Lightcast from Q4 2022 and some prior periods. The full report is available at https://www.comptia.org/content/research/european-tech-hiring-trends.

**About CompTIA**The Computing Technology Industry Association (CompTIA) is the world’s leading information technology (IT) certification and training body. CompTIA is a mission-driven organization committed to unlocking the potential of every student, career changer or professional seeking to begin or advance in a technology career. Each year CompTIA, directly and through its global network of partners, provides millions of people with training, education and certification. To learn more visit https://www.comptia.org/

Employer Demand for Technology Workers Across Europe Remains on Firm Footing

The new brand is launched alongside new product security platform capabilities such as a vulnerability management (VM) co-pilot and incident response investigation management, providing automation and workflows for the many teams involved in product security.

**TEL AVIV, Israel****,** **June 28, 2023** **/PRNewswire/ --** Cybellum, creator of the award-winning Product Security Platform for device manufacturers, unveiled today a new brand identity and new platform capabilities reinforcing its commitment to the product security community.

The new brand channels the company's focus on the multiple teams involved in today's product security operations.

Now more than ever, product security is a multi-team effort - from vulnerability management to software quality assurance, SBOM management, incident response, and compliance, each part of the workflow is governed by a different team, requiring a specialized, yet unified approach. The new brand, together with the new platform capabilities enables teams across the organization to automate and simplify the many security tasks they have, making the process more efficient and collaborative at the same time.

Some of the new platform capabilities include:

*   A new interface focusing on multi-team collaborative product security - from asset management and software assurance to incident response and cyber-compliance
*   Corporate Management dashboards provide visibility into the organization's product security readiness
*   New SBOM management capabilities including one-click SBOM and VEX report generation for entire products, so you no longer need to manually aggregate information from underlying components
*   The Vulnerability Management (VM) CoPilot focuses your team on the most pressing and relevant vulnerabilities by automating exploit analysis
*   A new Malware detection engine secures device software from malicious code, enhances supply chain cybersecurity, and facilitates compliance
*   A revamped Policy Engine with greater customization flexibility automates requirement validation, accelerating compliance with regulations and your own policies
*   A refined Incident Response module facilitates threat intelligence monitoring, automates relevancy assessment, and streamlines the investigation workflow for rapid remediation of post-market incidents

All of these new capabilities are built into the company's Product Security Platform, a centralized management platform for keeping connected devices cyber secure.

"Product security is still an evolving field, and Cybellum is committed to the success of the teams involved," says Shlomi Ashkenazy, Cybellum's Head of Brand. "Throughout the past year, we learned from our customers what are the main gaps they have in their product security process, and worked to close them."

"To us, working hand in hand with the product security community is the most important aspect of what we do," added Shlomi, "This new chapter in Cybellum's brand story echoes the vision and aspirations of that community, and further aligns the Cybellum story and mission with the challenges and needs of our customers."

**About Cybellum**

Cybellum is where teams do product security.

Device manufacturers such as Jaguar Land Rover, Supermicro, Danaher, and Faurecia use Cybellum's Product Security Platform and services to manage the main aspects of their cybersecurity operations across business units and lifecycle stages. From SBOM to Vulnerability Management, Compliance Validation, and Incident Response, teams ensure their connected products are fundamentally secure and compliant – and stay that way.

To learn more visit www.cybellum.com

Cybellum Unveils New Brand, Amplifying Commitment to Team-Centric Product Security

Innovative risk-based model enables better security measures.

**TEL AVIV, Israel****,** **June 28, 2023** **/PRNewswire/ --** OTORIO, the leading provider of operational technology (OT) cyber and digital risk management solutions, today announced a significant advancement in OT security with the availability of its Attack Graph Analysis technology, integrated into the company's powerful Cyber Digital Twin (CDT) model. By leveraging the capabilities of the CDT, organizations can now gain dynamic visual network topology and advanced risk assessment, enabling the proactive management of vulnerabilities in their OT infrastructure. This announcement follows the company's recent securing of a patent from the U.S. Patent and Trademark Office (USPTO) for its risk management model and attack graph analysis algorithm.

Even organizations with skilled OT security personnel face challenges when protecting operational environments due to their complexities and the shortcomings of existing OT security solutions. Limited visibility and partial data can result in an unclear asset inventory, and businesses often don't understand their actual exposure to attacks by only focusing on endpoint vulnerabilities. These factors make it difficult to accurately assess OT security posture.

OTORIO's Cyber Digital Twin and Attack Graph Analysis overcome these challenges. The CDT consists of an automated, secure, and logical representation of the operational network, its entities, and their interrelationships. It acts as a sandboxed model of the operational environment, enabling safe breach and attack simulations (BAS) as well as data-driven impact analysis.

Once the relationships between the entities have been established, the CDT algorithm generates an Attack Graph: a visualization of all network assets, vulnerabilities, and connections that show segmentation gaps and potential attack vectors targeting critical assets and processes. By calculating risk across all assets, threats, and scenarios, it enables businesses to continuously assess, monitor, and proactively protect their critical OT systems. Attack Graph Analysis empowers organizations to prioritize their security efforts by providing actionable insights into the most critical vulnerabilities and potential attack vectors. By identifying and visualizing the high-risk areas within their OT infrastructure, businesses can allocate resources more efficiently and stay ahead of emerging threats.

The CDT and Attack Graph Analysis technology are built on three key pillars:

*   Automation -- OTORIO streamlines security processes, reducing human error and enabling rapid response. It provides an automated, user-friendly report with action items and priorities, eliminating the need for manual analysis.
*   Explainability - The Attack Graph Analysis ensures transparency and enables users to better understand their security posture from a risk and business impact standpoint.
*   Actionability - The visually intuitive Cyber Digital Twin and Attack Graph Analysis reports provide recommendations tailored to network needs. This comprehensive approach equips organizations with effective security strategies, enabling proactive vulnerability management.

"Our Cyber Digital Twin and patent-protected Attack Graph Analysis are game-changing solutions for OT security, and we're thrilled to provide them to our customers," said Ben Reich, Chief Platform Architect at OTORIO. "We are bringing a new level of precision and effectiveness to OT security by empowering organizations to proactively manage risk, ensure operational resilience, and protect their critical assets from evolving cyber threats."

**About OTORIO** 

OTORIO has pioneered an industrial-native OT security platform that enables its customers to achieve an integrated, holistic security strategy for industrial control systems (ICS) and cyber-physical systems (CPS). Together with its partners, OTORIO empowers operational security practitioners to proactively manage cyber risks and ensure resilient operations.

The company's platform provides automated and consolidated visibility of the entire operational network, enabling companies to take control of their security posture, eliminate critical risks, and deliver immediate business value across the  organization. OTORIO's global team combines the extensive mission-critical experience of top nation-state cyber security experts with deep operational and industrial domain expertise. To learn more, visit OTORIO.com.

Logo - https://mma.prnewswire.com/media/2004395/4139581/Otorio\_Logo.jpg

SOURCE OTORIO

OTORIO Rolls Out Advanced Attack Graph Analysis for OT Security

The company introduces a solution to restore trust in customers' existing cyber defense techstack.

**LAWRENCE, Kan.****,** **June 28, 2023** **/PRNewswire/ --** Invary, a cybersecurity pioneer focused on detecting hidden malware and preventing costly ransomware attacks, has raised pre-seed funding to launch its innovative solution. The investment was led by Flyover Capital, with additional participation from NetWork Kansas GROWKS Equity program, and the KU Innovation Park.

The pre-seed funding round will fuel the launch of Invary's flagship Runtime Integrity offering, designed to uncover and neutralize hidden threats that elude modern threat detection systems. This unique service debuts this summer, and will empower organizations to fortify their security postures and proactively safeguard their digital environment against high impact attacks.

Additionally, Invary's free Runtime Integrity Score (RISe) service is available now, allowing customers to spot-check their system's integrity and identify hidden malware.

The Invary leadership team brings decades of operational expertise in Trusted Computing research and reunites entrepreneurs with a successful history of collaboration. The company is spearheaded by CEO Jason Rogers, who has extensive experience building secure cloud-scale platforms, and scaling engineering & operations at category leader Matterport through IPO. The team's security credentials are further bolstered by founder Dr. Perry Alexander, a distinguished authority in Trusted Computing research and his protege and former student, Dr. Wesley Peck, the CTO of Invary, who obtained his PhD under Dr. Alexander's guidance.

The highly dynamic nature of today's threat landscape poses a significant challenge to the security posture of all organizations, including those with advanced defenses like XDR, SIEM and CNAPP solutions. The primary flaw within these defense layers stems from their assumption that the operating system remains uncompromised. This leaves a critical gap in the overall security infrastructure that threat actors can discreetly exploit to prepare a ransomware attack or data breach. This oversight is incredibly problematic because a staggering 72% of cyberattacks occur in production according to Datadog's latest State of Application Security report. 

Invary plugs this security gap at runtime by mandating continuous validation of the operating system - making it an indispensable component of a "trust nothing" Zero Trust architecture. Built on an exclusive intellectual property grant from the NSA, Invary's technology provides proven and superior protection for the digital environment, pinpointing compromise with high confidence, eliminating superfluous, noisy monitoring data.

Jon Broek, CEO of Tenfold Security, a leader in cloud security services, said, "Invary Runtime Integrity gives us an unfair advantage over the competition when deployed with our security solutions for cloud and virtual machines. It also provides a key component of keeping our customers secured end to end and preventing things like ransomware that are highly targeting our core customers in higher education."  

"We are thrilled to have secured this pre-seed funding, as it validates the need for  Invary's novel technology to shore up existing cyber defenses against high impact hidden threats," said Jason Rogers, CEO of Invary. "With the support of our investors, customers and partners, we are well-positioned to advance our mission of fortifying the security ecosystem by reinforcing Zero Trust principles."

The IT team at LMH Health said, "One of the key challenges in combating destructive ransomware is the hidden malware within operating systems that often serves as the foundation for such attacks. Invary Runtime Integrity gives visibility into a part of the system overlooked by most other security tools. We are able to gain confidence that the operating system has not been compromised, but if there are cases where anomalies are detected, a wealth of information is provided to help determine if they are benign, intentional or potentially malicious." 

"Ensuring the safety of our customers and cyber community is our #1 priority. Our pre-seed funding enables us to realize this dedication by continuously improving Invary's Runtime Integrity Service while also making our agent open source. We're proud to enhance operating system security for all by accelerating the industry's progress toward truly comprehensive Zero Trust Architectures," said Dr. Wesley Peck, CTO of Invary. 

The successful completion of the pre-seed funding round underscores Invary's commitment to pushing the boundaries of Runtime Security. With this significant investment, Invary is poised to accelerate its growth, enhance its technology and expand its reach in preventing data breaches and ransomware attacks.

For more information about Invary and its Runtime Integrity solutions, please visit www.invary.com.

**About Invary**

Invary is the leader in operating system runtime validation and security. The company's technology detects hidden, high impact threats to the operating system that are missed by other foundational defense systems including XDR, SIEM and CNAPP platforms. By securing the integrity of the operating system as a first class citizen in the "trust nothing" entity list of Zero Trust architectures, Invary becomes an indispensable part of modern cyberdefense. Based on an exclusive IP grant from the NSA and proven technology that has been deployed in real-world, critical infrastructure, Invary's proprietary technology ensures malware, ransomware and other hidden, high impact threats commonly found in operating systems are exposed — before they can cause downtime and expand the blast radius of attack.

Invary Raises $1.85M in Pre-Seed Funding to Close Critical Gap in Zero Trust Security

New report offers valuable resource to help organizations evaluate the safety and reliability of open-source packages.

**TEL AVIV, Israel** **and** **BOSTON****,** **June 28, 2023** **/PRNewswire/ --** Mend.io, a leader in application security, released findings today from its latest report, the Mend.io Open Source Reliability Leaderboard. Powered by data from Renovate, Mend.io's popular open-source dependency management tool, the Leaderboard presents the top packages in terms of reliability across three of the most widely used languages.

"The Leaderboard helps shift the AppSec view from detection to prevention, a valuable perspective for reducing the risk imposed by our increasingly vulnerable software supply chain," said Rhys Arkins, vice president of product management, Mend.io. "Success hinges on having the knowledge necessary to prevent possible open-source vulnerabilities from ever being installed in the first place. For that to happen, companies need to know not only what packages are in use at their companies, but how safe they are."

The Leaderboard allows the Mend.io team to leverage and share a valuable resource. There is no better arbiter of package reliability than Renovate, which has gathered crowd-sourced data on over 25 million dependency updates. By analyzing what packages are consistently releasing good updates, the Leaderboard presents an accurate picture of a package's overall reliability for software engineers trying to balance functional risk with security risk. 

The full report showcases detailed rankings for npm, PyPi, and Maven.

**Key findings:**

**Group runs bring down overall package reliability.** 

Any fan of the TV show _Survivor_ can tell you that in competition, groups are often hurt by their weakest link, and the same holds true when it comes to group updates. A group of ten packages is ten times more likely to encounter a failure. 

**Release frequency has no effect on average success rates.**

You would think that more-frequent releases would improve reliability through faster bug fixes and an engaged maintainer community, but such was not the case.

**The Best of the Best**

Looking across the overall categories, the top three most reliable packages for each language are: 

**Npm:**

1.  prettier-eslint
2.  np
3.  jest-cli

**Maven:**

1.  org.apache.maven.scm:maven-scm-provider-gitexe
2.  com.github.ekryd.sortpom:sortpom-maven-plugin
3.  org.apache.maven.plugins:maven-release-plugin

**PyPi:** 

1.  Pulumi
2.  Botocore-stubs
3.  types-python-dateutil

**About the Report**

The report examines data from Renovate, an automated dependency management tool that leverages crowd-sourced data on over 25 million dependency updates.

Download a full copy of the report here.

**About Mend.io**

Mend.io, formerly known as WhiteSource, has over a decade of experience helping global organizations build world-class AppSec programs that reduce risk and accelerate development -– using tools built into the technologies that software and security teams already love. Our automated technology protects organizations from supply chain and malicious package attacks, vulnerabilities in open-source and custom code, and open-source license risks. With a proven track record of successfully meeting complex and large-scale application security needs, Mend.io is the go-to technology for the world's most demanding development and security teams. The company has more than 1,000 customers, including 25 percent of the Fortune 100, and manages Renovate, the open-source automated dependency update project. For more information, visit www.mend.io, the Mend.io blog, and Mend.io on LinkedIn and Twitter.

SOURCE Mend.io

Mend.io Launches Inaugural Open Source Reliability Leaderboard

Virtual kidnapping is just one of many new artificial intelligence attack types that threat actors have begun deploying, as voice cloning emerges as a potent new imposter tool.

An incident earlier this year in which a cybercriminal attempted to extort $1 million from an Arizona-based woman whose daughter he claimed to have kidnapped is an early example of what security experts say is the growing danger from voice cloning enabled by artificial intelligence.

As part of the extortion attempt, the alleged kidnapper threatened to drug and physically abuse the girl while letting her distraught mother, Jennifer DeStefano, hear over the phone what appeared to be her daughter's yelling, crying, and frantic pleas for help.

But, those pleas ended up being deepfakes.

**Deepfakes Create Identical Voices**

In recounting details of the incident, DeStefano told police she had been convinced the individual on the phone had actually kidnapped her daughter because of how identical the alleged kidnapping victim's voice was to her daughter's.

The incident is one in a rapidly growing number of instances where cybercriminals have exploited AI-enabled tools to try and scam people. The problem has become so rampant that the FBI in early June issued a warning to consumers that criminals manipulating benign videos and photos are targeting people in various kinds of extortion attempts.

"The FBI continues to receive reports from victims, including minor children and non-consenting adults, whose photos or videos were altered into explicit content," the agency warned. "The photos or videos are then publicly circulated on social media or pornographic websites, for the purpose of harassing victims or sextortion schemes." Scams involving deepfakes have added a new twist to so-called imposter scams, which last year cost US consumers a startling $2.6 billion in losses, according to the Federal Trade Commission.

In many instances, all it takes for attackers to create deepfake videos and audio — of the kind that fooled DeStefano — are very small samples of biometric content, Trend Micro said in a report this week highlighting the threat. Even a few seconds of audio that an individual might post on social media platforms like Facebook, TikTok, and Instagram is all that a threat actor requires to clone that individual's voice. Helpfully for them, a slew of AI tools is readily available — with many more on the way — that allow them to do voice cloning relatively easily using small voice biometrics harvested from various sources, according to Trend Micro researchers.

"Malicious actors who are able to create a deepfake voice of someone's child can use an input script (possibly one that's pulled from a movie script) to make the child appear to be crying, screaming, and in deep distress," Trend Micro researchers Craig Gibson and Josiah Hagen wrote in their report. "The malicious actors could then use this deepfake voice as proof that they have the targeted victim's child in their possession to pressure the victim into sending large ransom amounts."

**A Plethora of AI Imposter Tools**

Some examples of AI-enabled voice cloning tools include ElevenLabs' VoiceLab, Resemble.AI, Speechify, and VoiceCopy. Many of the tools are only available for a fee, though some offer freemium versions for trial. Even so, the cost to use these tools is often well less than $50 a month, making them readily accessible to those engaged in imposter scams.

A great deal of videos, audio clips, and other identity-containing data is readily available on the Dark Web that threat actors can correlate with publicly available information to identify targets for virtual kidnapping scams like DeStefano experienced and other imposter scams, Trend Micro noted. In fact, specific tools for enabling virtual kidnapping scams are emerging on the Dark Web that threat actors can use to hone their attacks, the researchers say in emailed comments to Dark Reading.

AI tools such as ChatGPT allow attackers to fuse data — including video, voice, and geolocation data — from disparate sources to essentially narrow down groups of people they can target in voice cloning or other scams. Much like social network analysis and propensities (SNAP) modeling allows marketers to determine the likelihood of customers taking specific actions, attackers can leverage tools like ChatGPT to focus on potential victims. "Attacks are enhanced by feeding user data, such as likes, into the prompt for content creation," the Trend Micro researchers say. "Convince this cat-loving woman, living alone who likes musicals, that their adult son has been kidnapped," they say, as one example. Tools like ChatGPT allow imposters to generate in a wholly automated way the entire conversation that an imposter might use in a voice cloning scam, they add.

Expect also to see threat actors use SIM-jacking — where they essentially hijack an individual's phone — in imposter scams such as virtual kidnapping. "When virtual kidnappers use this scheme on a supposedly kidnapped person, the phone number becomes unreachable, which can increase the chances of a successful ransom payout," Trend Micro said. Security professionals can also expect to see threat actors incorporate communication paths that are harder to block, like voice and video in ransomware attacks and other cyber-extortion schemes, the security vendor said.

**Cloning Vendors Cognizant of the Cyber-Risks**

Several vendors of voice cloning themselves are aware of the threat and appear to be taking measures to mitigate the risk. In Twitter messages earlier this year, ElevenLabs said it had seen an increasing number of voice-cloning misuse cases among users of its beta platform. In response, the company said it was considering adding additional account checks, such as full ID verification and verifying copyright to the voice. A third option is to manually verify each request for cloning a voice sample.

Microsoft, which has developed an AI-enabled text-to-speech technology called Vall-E, has warned of the potential for threat actors to misuse its technology to spoof voice identification or impersonate specific speakers. "If the model is generalized to unseen speakers in the real world, it should include a protocol to ensure that the speaker approves the use of their voice and a synthesized speech detection model," the company said.

Facebook parent Meta, which has developed a generative AI tool for speech called VoiceBox, has decided to go slow in how it makes the tool generally available, citing concerns over potential misuse. The company has claimed technology uses a sophisticated new approach to cloning a voice from raw audio and an accompanying transcription. "There are many exciting use cases for generative speech models, but because of the potential risks of misuse, we are not making the Voicebox model or code publicly available at this time," Meta researchers wrote in recent recent post describing the technology.

AI-Enabled Voice Cloning Anchors Deepfaked Kidnapping

Workers were lured in by false job promises from Facebook ads, only to be tricked into committing cybercrimes with no way out.

Thousands of workers in China, Indonesia, the Philippines, Vietnam, and a host of other countries who were tricked into performing forced labor for cybercrime groups, including running fake online gaming sites, were rescued in a raid on June 27 by the Filipino police. 

Workers that had previously attempted to quit were forced to pay large amounts of money for the privilege, and others were afraid that they would be sold into other human-trafficking syndicates. They were lured in by Facebook ads with promises of high salaries and fair working conditions.

The head of the anti-cybercrime unit of the Philippines police, Brigadier General Sydney Hernia, said that police searched various buildings in Las Pinas with warrants, rescuing 1,534 Filipinos and 1,190 others from a variety of different countries. This comes after a police raid in May at the Clark Freeport in Mabalacat City, where roughly 1,400 workers were rescued after being forced to commit cryptocurrency crimes. 

Muhammah Mahfud, Indonesian Minister, said that the Association of Southeast Asian Nations (ASEAN) needs to make progress on a regional extradition treaty that has been long proposed, which would ultimately help authorities prosecute these kinds of offenders and mitigate the escalating human trafficking and cybercrimes in these regions.

It is currently unknown how many of the cybercrime syndicate leaders were arrested in the police raid. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Thousands of Filipinos, Others Rescued From Forced Cybercrime Labor

Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see.

Since the early 1990s, we've watched the internet evolve from dial-up connections to high-speed, cloud-based computing. Organizations have navigated a shifting maze of technology while defending against cyberattacks. Sadly, after three decades in cybersecurity, I see organizations wrestling with the same problems in 2023 that they grappled with in 1995 when they first plugged into the internet.

Attacks on users through email, attacks on availability through denial-of-service campaigns, and exploits of systems through vulnerable applications are longstanding strategies that remain fruitful for threat actors.

Even today, with increased awareness and public reporting of data breaches, business leaders and developers aren't taught to balance new technologies with the required security. Organizations still focus on functionality and time to market, not on ensuring secure, predictable behavior. This creates a weakened infrastructure that attackers continue to prey on successfully and daily.

So, why do cybersecurity losses continue growing despite a projected $188.3 billion global annual spending on information security and risk management products and services?

**We're Treating Symptoms, Not Causes**

Vendor messaging over the decades has trained the marketplace to believe the solution to cybersecurity challenges is technology. More and more technology. The same proposition leads people to think they can lose weight with a pill — not eating better or exercising more, but a quick and easy solution so that they can pay to make the problem disappear.

The growth of security budgets shows this line of thinking is pervasive and leads to a vicious cycle of trying to outspend risk. In truth, while much of the technology is valuable, cybersecurity issues arise in the gaps.

Like prescriptions that are stopped mid-course or bandages over broken bones, technology adopted without a plan can create misplaced confidence in an incomplete system. Many organizations focus on shiny, new attacks at the expense of solid foundational protection, and this misprioritization has continued a culture of victimization and never-ending vulnerabilities.

The rising cost and destructive power of cyberattacks aren't new; they're collateral damage from years of neglecting basic security policies and best practices. Increased security investment is spent on niche protection technologies promoted by analysts, vendors, press coverage, and practitioner curiosity.

The constant change in tooling and focus also leads to burnout and job dissatisfaction among experienced leaders, exacerbating the cybersecurity skills shortage. To address ongoing vulnerability and increasing stress, we need to think about cybersecurity differently, recognizing that successful businesses rely on a healthy security posture.

**Cybersecurity's Preventive Medicine**

Organizations should consider their security practices the same way people think about their well-being. Focus on staying healthy instead of finding a new pill for every security symptom you see. The same principles you hear from the doctor apply to cybersecurity resilience: Diet, exercise, and regular checkups.

Security's basic food groups are prevention, detection, response, and remediation. Address each appropriately based on the specifics of your organizational need. Too little prevention and your detection, response, and remediation will be swamped. Too little response and security events will drag on. Your security program should consume only what it needs and what your team can digest and use. Any more than this, and you'll be carrying extra weight in your budget.

Cybersecurity conditioning means regularly conducting awareness training, tabletop exercises, practitioner certifications, asset inventory verifications, and penetration tests. Keep the team up to date on roles and responsibilities. Your response will be faster and more targeted, and your organization less disturbed, if you take the time to work out that security muscle regularly.

No one likes going for a yearly physical, but it's a great way to learn if you're as healthy as you think. Find time to run through your security program to make sure it's still balanced. Have your team double-check critical controls and compliance with relevant standards or best practices. Get a second opinion once in a while. Find a third party that doesn't have the context of your business and ask what they see. Good cybersecurity health means looking for even small indications something may have been missed. It doesn't take long for that blind spot to put your whole effort at risk.

**If You Do Get Sick…**

Maintaining a resilient, trustworthy security system is complicated by new capabilities and a diverse threat landscape. By some estimates, more than 250,000 new pieces of malware are detected daily. We need to diagnose and treat new problems like the healthcare industry addresses constantly changing epidemiological challenges.

The healthcare system keeps up with new and mutating diseases because specialists focus on a single condition, determining the best means to identify and diagnose it. Another group focuses on treatment to quell the problem early. Others develop the specialized equipment that powers diagnosis and treatment, while hospitals and the entire healthcare ecosystem support patients.

If we understand our organizations and the threats we're likely to face, we can begin to live the healthy, budgetable, and predictable corporate cybersecurity life we've sought for decades. By taking cyber health more seriously, we can cure the fundamental problems that have plagued the industry for the past 30 years and stop merely treating the symptoms and attacks.

Source

DARKReading