The group has given one of Apple's biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and "points of entry" to its network publicly leaked.

Taiwan Semiconductor Manufacturing Company (TSMC) — one of Apple's biggest semiconductor suppliers — on Friday blamed a third-party IT hardware supplier for a data breach that has exposed the company to a $70 million ransom demand from the LockBit ransomware group.

In an emailed statement to Dark Reading, TSMC confirmed multiple reports about the security incident but did not say what data specifically LockBit actors might have accessed from its systems and is holding for ransom. The statement, however, described the incident as not affecting any of TSMC's business or customer information.

**Third-Party Breach**

"TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration," the statement noted. It identified the third-party supplier as Kinmax Technology, a Hsinchu, Taiwan- based systems integrator that claims to work with numerous other major technology players, including Aruba, Checkpoint, Cisco, Citrix, Fortinet, Hewlett-Packard Enterprise, Microsoft, and VMware. It's unclear if any other customers are affected by the attack.

Meanwhile, a subgroup within the LockBit operation that calls itself the National Hazard Agency claimed that it has given TSMC up to Aug. 6 to pay the multimillion-dollar ransom or risk having the company's stolen data publicly leaked. The threat actor claimed that it would also publish what it described as "points of entry" into TSMC's network as well as passwords and login information for gaining access to it. The latter is catnip to cyberattackers given that TSMC is a juicy target: It reported a net income of some $34 billion on consolidated revenue of $75.8 billion in 2022.

TSMC said it had conducted a review of its hardware components and security configurations used in its systems, after Kinmax reported the incident, to determine the scope of the breach. "After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the company’s security protocols and standard operating procedures," the statement noted. The chipmaker said it remained committed to enhancing security awareness among its suppliers and in ensuring they complied with the company's security requirements.

**IT Supplier Downplays Incident**

Kinmax said it discovered the intrusion into its systems on June 29. The company described the attacker as having breached the company's engineering test environment and accessing system installation preparation information. 

"This is the system installation environment prepared for customers," Kinmax said in a statement on the incident. "The captured content is parameter information such as installation configuration files."

The statement appeared to downplay the seriousness of the breach. "The \[breached\] information has nothing to do with the actual application of the customer. It is only the basic setting at the time of shipment," the company said. The statement did not identify TSMC by name. But it somewhat bewilderingly claimed that the chipmaker (or others) had not experienced any negative consequences. "At present, no damage has been caused to the customer and the customer has not been hacked by it," the June 30 statement noted.

In the statement shared with Dark Reading, the systems integrator expressed regret over the incident. "We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience. The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future," the Kinmax statement said.

TSMC is the latest among a rapidly growing number of organizations that has experienced a data breach via a third-party compromise. News of the company's predicament comes even as reports continue to pour in about numerous organizations falling victim to the Cl0p ransomware gang because of a vulnerability in Progress Software's widely used MOVEit Transfer app. Victims of that campaign so far include biopharma giant AbbVie, Siemens, Schneider Electric, the University of California at Los Angles (UCLA).

Such breaches have brought IT supply chain security into sharp focus in recent years and made it a top priority in the Biden administration's May 2021 cybersecurity executive order.

Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

The number of malware samples is up as attackers aim to compromise users where they work and play: Their smartphones.

Attackers are increasingly targeting users through their mobile devices, attacking vulnerabilities in services that are built into applications and mounting increasing numbers of SMS phishing attacks.

That's according to mobile security firm Zimperium's 2023 "Global Mobile Threat Report," which also found that the average number of unique mobile malware samples grew 51% in 2022, totaling an average of 77,000 unique malware samples found every month. About a quarter of application samples submitted to public repositories — 23% of Android apps and 24% of iOS apps — were malicious, according to data in the report.

In total, that all contributed to the number of compromised devices nearly tripling (up 187%) in the time period, because the tactics are working: The company saw an average of four malicious phishing links clicked per device, for instance.

The trend comes as companies and their workers rely increasingly on mobile devices, with a majority of firms seeing more workers (58%) using mobile devices for business than in 2021 and most users (59%) doing more work with their mobile devices, according to the 2022 "Verizon Mobile Security Index" report. 

"Businesses and users need to mostly be concerned about mobile phishing and spyware today, and mobile ransomware will become increasingly concerning in the near future," says JT Keating, senior vice president of strategic initiatives at Zimperium. 

**Android, iOS Devices See Different Levels of Cyber Threats**

About 80% of phishing sites specifically target mobile devices with content suited to those platforms, Zimperium stated in its 2023 "Global Mobile Threat Report." But, as has been the case for many years, the Android platform tends to attract more threats. One of the reasons for that could be that the Android operating system has seen between about 500 and 900 vulnerabilities disclosed per year that threat actors can target; iOS meanwhile saw a little more than 300 vulnerabilities in five of the last eight years, according to Zimperium. 

Another reason that Android is a bigger target? App development mistakes. The firm found that there are more mistakes made in the process of developing apps when it comes to Android, particularly when it comes to how those apps interact with cloud storage instances. Only about 2% of iOS applications access unprotected cloud instances, while 10% of Android apps do so. These include database instances accessed through Google Firebase and Cloud Platform, Amazon Simple Storage Service (S3), and Microsoft Azure Cloud Storage, according to Zimperium's report. As a corollary, developers also tend to access the same poor resources, too: Only 1% of unprotected cloud instances accounted for 60% of applications at risk, the company said.

Georgy Kucherin, a security expert at Kaspersky's Global Research and Analysis Team (GReAT), says his firm's research bears out the finding that Android attracts more overall threats, though he notes that when it comes to spyware the targeting is evenly split between the two ecosystems; the recent Triangulation cyber espionage campaign for instance shows the value in targeting the iOS platform.

"Mobile users should worry about both cybercrime threats and nation-state espionage, \[but\] it is correct to say that Android faces more general threats," he says. "Android devices are more likely to become infected with malware distributed by cybercriminals. As for top-notch espionage spyware, both iOS and Android are vulnerable to it."

The lack of jailbreaking utilities for the latest version of iOS is also lowering the number of attacks for that platform, according to Zimperium. Jailbreaking allows users to add non-Apple-sanctioned software to their mobile devices, but it also removes significant security guardrails in the process. 

**Threats Up, or Leveling Off?**

In terms of the types of mobile malware that's circulating out there, Kaspersky saw fewer mobile malware installers and less ransomware in the past year, but more banking Trojans, it stated in "The Mobile Malware Threat Landscape in 2022" report.

"Cybercriminals are still working on improving both malware functionality and spread vectors," according to the report. "Malware is increasingly spreading through legitimate channels, such as official marketplaces and ads in popular apps. This is true for both scam apps and dangerous mobile banking malware."

To put all of this into perspective, it should be noted that traditional computing platforms still attract the lion's share of the cybercrime pie. Kaspersky, for example, blocked more than 20 million malicious installers, spyware, and adware attacks on mobile devices over the last four quarters, but blocked more than 20 times that number against more common work platforms, such as Windows. However, the mobile threat vector is not as well protected. 

"In most cases, mobile devices represent a significant, unaddressed attack surface for enterprises," Zimperium's Keating says. "No matter if they are corporate-owned or part of a BYOD strategy, the need to implement appropriate security controls, and educate end-users about potential threats, is critical."

Mobile Cyberattacks Soar, Especially Against Android Users

Nokod Security is building a platform that enables organizations to secure in-house low-code/no-code custom applications by scanning for security and compliance issues and applying remediation policies

**TEL AVIV, Israel****,** **June 29, 2023** **/PRNewswire/ --** Nokod Security, a company developing security for low-code / no-code custom applications and Robotic Process Automation (RPA), announced its $8 million seed round, which will be used to establish a presence in the United States market, as well as to expand the R&D teams and support novel research of security vulnerabilities in the low-code/no-code domain. Funds were raised from Acrew Capital, Meron Capital and Flint Capital, firms with a successful track record of investing in top companies in the data protection, software verification and cybersecurity sectors like Exabeam, Mitiga, Laminar, Socure, and others.

Adoption of low-code / no-code and RPA platforms like Microsoft PowerApps, ServiceNow or UiPath is predicted to reach 65% of the IT market by 2024. More so, Generative AI and ChatGPT-like tools, introduced just this past year, are set to hyper-accelerate low-code / no-code development. Although these platforms provide businesses fast application development with minimal complex coding using third-party toolkits, they are not covered by the application security stack. As a result, the applications and automations create a new attack surface as well as introduce the risk of compliance violations.

Yair Finzi, a former Head of Department in an elite cyber security unit of the Israeli Army and a cybersecurity entrepreneur with over 15 years of experience, and Amichai Shulman, a cybersecurity researcher, advisor, entrepreneur and investor with multiple successful exits, recognized this gap early on. They have a proven track record of running successful companies: Yair co-founded and led SecuredTouch (acquired by Ping Identity), while Amichai co-founded and served as CTO of application and data security giant, Imperva.

With Nokod, Yair and Amichai empower businesses with a platform to manage cybersecurity and compliance risks stemming from their low-code / no-code custom applications and RPAs by streamlining security into the application's lifecycle. The platform provides the security team with a comprehensive view of the application inventory, identifies security issues and vulnerabilities and offers the organization customized auto-remediation, effectively accelerating their digital transformation. The company is in discussions with Fortune 500 companies in several verticals.

**"**In today's world, application development is both time-consuming and costly, exacerbated by the anticipated threefold increase in the shortage of full-time software developers by 2025. As companies increasingly turn to low-code/no-code and RPA platforms, coupled with the rise of Generative AI tools, the adoption of low-code/no-code tools is set to skyrocket. This trend can take us back to the days when everyone coded without proper security measures, leaving sensitive business and personal data vulnerable to unauthorized access. Our product ensures 100% secure citizen development within enterprises,"— notes Yair Finzi**, co-founder and СЕО of Nokod Security.**

"Low-code / no-code apps are being widely deployed, but the shared security model, as in other domains, only helps customers up to a certain point, and then they are on their own. This is a huge looming security problem, and Acrew is excited to back a founding team at Nokod that can solve it," - says Mark Kraynak**, founding partner at Acrew Capital.** 

"Meron invests in leading early-stage companies with deep technologies. We are proud to invest in a pioneering company in the world of low-code / no-code security. The growth of Generative AI tools and their expected adoption in the business environment will further accelerate the adoption of low-code / no-code development. However, there is currently no real solution to this new attack surface. Nokod has the right team to solve it at the right time," - adds **Liron Azrielant, managing partner at Meron Capital.**

"We invest in cybersecurity startups and place our bets on their teams. With Nokod, we are confident in their founders' extensive experience in web application security, which is a critical factor for both small and medium-sized businesses as well as for large enterprises," — notes Sergey Gribov**, partner at Flint Capital.**

The global cybersecurity market was valued at $163.53 billion in 2019 and by 2030, the market is forecast to have a value of $430.46 billion. The low-code development platform market size is projected to reach 

**About Nokod Security**

Nokod Security is a Tel Aviv\-based startup providing a platform that enables organizations to secure their low-code / no-code custom applications and Remote Process Automation (RPA) by scanning them for security and compliance issues and applying customized auto-remediation policies.

The company was founded in 2023 by Yair Finzi, serial entrepreneur and former co-founder of SecuredTouch (acquired by Ping Identity), and Amichai Shulman, former co-founder and CTO of Imperva, a multibillion-dollar cybersecurity company that was a pioneer in the web application firewall (WAF) and database security categories.

SOURCE Nokod Security

Nokod Raises $8M Seed Round From Seasoned Cybersecurity Investors to Enhance Low-Code/No-Code App Security

The APT35 group (aka Charming Kitten) has added backdoor capabilities to their spear-phishing payloads — and targeted an Israeli reporter with it.

The Iran-linked threat group known as APT35 (aka Charming Kitten, Imperial Kitten, or Tortoiseshell) has updated its cyberattack arsenal with improved abilities to hide its actions, as well as an upgraded custom backdoor that it's distributing via a spear-phishing campaign.

The advanced persistent threat (APT) has been alleged to be operating out of Iran and primarily concerned with collecting intelligence by compromising account credentials and, subsequently, the email of individuals they successfully spear-phish.

According to a blog post published by Volexity, the group has recently attempted a spear-phishing campaign targeting an Israeli journalist with a "draft report" lure. The "draft report" was a password-protected RAR file containing a malicious LNK file which downloaded a backdoor.

The incident was a highly targeted attack; prior to sending malware to the victim, the attackers asked if the person would be open to reviewing a document they had written related to US foreign policy. The target agreed to do so, since this is not an unusual request in the journalism line of work, but APT35 didn't send it right away — instead, the attackers continued the interaction with another benign email containing a list of questions, to which the target then responded with answers. After multiple days of benign and seemingly legitimate interaction, the attackers finally sent the "draft report" loaded with malware.

Toby Lewis, global head of threat analysis at Darktrace, says APT35's targeting profile is very much in the theme of what you'd expect to see from a group associated to the Iranian government. He says: "This is a group that's trying to be bespoke, be stealthy, and stay under the radar, and so to do that you're also going to really focus your social engineering to try and improve that return on the investment."

**PowerStar Malware & Evolving Spear-Phishing Techniques**

In this most recent campaign, it delivered the PowerStar malware — an updated version of one of its known backdoors, known as CharmPower — which it sent via an email containing an .LNK file inside a password-protected .RAR file.

When executed by a user, the .LNK file downloads PowerStar from the Backblaze hosting provider and attacker-controlled infrastructure, according to Volexity's report. PowerStar then collects a small amount of system information from the compromised machine and sends it via a POST request to a command-and-control (C2) address downloaded from Backblaze.

Volexity believes this variant of PowerStar to be especially complex, and suspects that it is likely supported by a custom server-side component, which automates simple actions for the malware operator. Also, a decryption function is downloaded from remotely hosted files which hinders detection of the malware outside of memory and gives the attacker a kill switch to prevent future analysis of the malware's key functionality.  
"With PowerStar, Charming Kitten sought to limit the risk of exposing their malware to analysis and detection by delivering the decryption method separately from the initial code and never writing it to disk," the company said. "This has the added bonus of acting as an operational guardrail, as decoupling the decryption method from its command-and-control server prevents future successful decryption of the corresponding PowerStar payload."

Lewis says that quest for return on investment for APT groups sometimes drives relatively unsophisticated, low-effort campaigns, but more often, "you've got groups that are going to get as sophisticated as they need to be to meet their objectives." What that means can run the gamut: Some will be able to develop zero days, as opposed to just using something they got from somebody else; others will demonstrate sophistication in how they manage and control their infrastructure.

The latter is the case with APT35. "When you've got the trade craft that we've got this group using, effectively bringing down custom payloads, it's bringing down different modules from third party services," he says. "Each different payload is going to be a little bit different, a little bit tweaked, and a little bit tuned, and ... that sort of approach is absolutely what you'd expect to see."

Nonetheless, Volexity researchers said they regularly observe operations from the APT, but finds the group to rarely deploy malware as part of their attacks. "This sparing use of malware in their operations likely increases the difficulty of tracking their attacks," according to the firm.

APT35 has been active for more than a decade. According to a 2021 blog from Darktrace, APT35 has in that time launched extensive campaigns against organizations and officials across North America and the Middle East; public attribution has characterized APT35 as an Iran-based nation state threat actor. Recent campaigns were suspected to be in service to Iran's potential physical targeting of dissenters for kidnapping and other kinetic ops.

Iran-Linked APT35 Targets Israeli Media With Upgraded Spear-Phishing Tools

Cyberattacks against organizations in some African nations increased significantly in 2022, despite a major expansion in cybersecurity hiring to support cloud and digital migration.

Cyberattacks against large enterprises in African nations ramped up in 2022, with Kenyan businesses reporting an 82% increase in such attacks, while South African and Zambian businesses recorded a 62% increase each.

According to a report from pan-African technology group Liquid C2, the top method of attack was via phishing or spam attacks (61%), with another 48% of incidents using compromised passwords. 

Jess Parnell, vice president of security operations at Centripetal, suspects that it's likely that cyberattackers are targeting businesses in Kenya, South Africa, and Zambia because they are all emerging economies with growing business sectors.

"Attackers may see these countries as attractive targets due to the potential for financial gain through various cybercrime activities, such as data theft, ransomware attacks, or financial fraud," he says.

Anna Collard, security evangelist at KnowBe4 Africa, says she feels the majority of attacks are still mostly opportunistic, such as ransomware gangs working through lists of compromised networks or credentials they get from access brokers, but the emerging economy aspect is certainly a factor in the targeting. 

"Ransomware-as-a-service groups shift their attention more towards emerging economies to get away from US based retaliation," she says, "and this makes Southern Africa or any economy with higher cyber-dependency on the continent an attractive target."

**Africa Sees Increasing Cybersecurity Hiring **

Africa faces a growing 100,000-person gap in the number of certified cybersecurity professionals, according to the Liquid C2 report; yet all respondents in the report highlighted that they had advanced significantly in their cloud and digital strategies as well as in related cybersecurity capabilities.

Furthermore, 68% said they had appointed cybersecurity staff members, or signed up with a cybersecurity team, in the past year. Kenya had the highest percentage at 82%, followed by South Africa (63%) and Zambia (62%).

Parnell says the fact that attacks persisted regardless of the number of staff hired or cybersecurity investments suggests that simply investing in cybersecurity measures does not guarantee protection against cyber threats.

"Cybercriminals continually evolve their tactics, making it challenging for businesses to stay ahead of them," he says. "Therefore, it is crucial for organizations to adopt a proactive approach to threat intelligence powered cybersecurity and continuously update their defenses to mitigate risks."

He adds, "Defending against cyberattacks requires a multi-layered approach that includes implementing robust security measures, raising employee awareness about phishing and other common attack vectors, regularly updating software and systems, conducting vulnerability assessments, and promptly responding to security incidents. By prioritizing cybersecurity and taking proactive measures, businesses can better defend against attacks and minimize the potential impact of successful breaches."

Likewise, Klaus Schenk, senior vice president of security and threat research at Verimatrix, says that increasing cybersecurity staff could actually draw the wrong kind of attention: "In general, hiring specialized staff alone may not necessarily lead to a reduction in the number of cyberattacks. In some cases, it might even attract the attention of malicious actors who view it as a challenge or an opportunity to demonstrate their skills."

That said, clearly the benefits outweigh the risk, he adds. "Augmenting your cybersecurity team can significantly mitigate the impact of cyberattacks on your business," he notes. "The ultimate goal should be to minimize the occurrence of such attacks and ideally achieve a state where they have no impact whatsoever."

African Nations Face Escalating Phishing & Compromised Password Cyberattacks

As cybercrime amidst the Russia-Ukraine war continues to escalate, the DDoSia project, launched by a known hacktivist group, has exploded in its number of members and quality of tools used for attacks.

After being launched by Russian hacktivist group "NoName057(16)" in the summer of 2022 and quickly gaining a substantial number of members and active users, the crowdsourced DDoS project known as "DDoSia" has grown exponentially, by 2,400%.

The platform now has 10,000 active members compared with the 400 it had when it first launched. It also has 45,000 subscribers on its primary Telegram channel, compared with just 13,000 last summer. With this growth comes more individuals helping conduct attacks on Western organizations, and better tools to deploy these attacks, such as introducing binaries for all major OS platforms.

Through data collected by Sekoia, analysts found that the targets of these DDoS attacks between May 8 and June 26 of this year were, for the most part, Lithuanian, Ukrainian, and Polish (39%). This is presumably due to the fact that these countries have made public declarations against Russia during the Russia-Ukraine war. During this time frame, the hacktivist group targeted 486 websites, including Ukrainian education and government sites, and French banking websites.

"NoName057(16) is making efforts to make their malware compatible with multiple operating systems, almost certainly reflecting their intent to make their malware available to a large number of users, resulting in the targeting of a broader set of victims," Sekoia analysts stated in a blog post. "\[We\] assess that strengthening the security of their software is part of NoName057(16)'s efforts to continuously develop their capabilities, almost certainly driven by their active community as well as the increasing scrutiny of their activities from the CTI community."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Russian Hacktivist Platform 'DDoSia' Grows Exponentially

Cybersecurity leaders should strive to reward high-performing teams that are powered by high levels of inclusion.

As more organizations try to dovetail diversity, equity, and inclusion (DEI) efforts with the broader business goal of bridging the growing cybersecurity talent gap, diversity is gaining considerable attention in cybersecurity leadership discussions in 2023.

But security and workforce development experts say that the push isn't just about the staffing numbers game or the warm fuzzies of fairness. Those passionate about DEI in cybersecurity argue that bringing in a more diverse set of backgrounds and thinking patterns is also crucial to coming up with new ways of thinking about security problems.

"If we don't do it for empathy and our care for everybody else, then we should be doing it because our attackers are diverse. Do it because we won't win otherwise in this fight of protecting our business," says Deidre Diamond, CEO and founder of CyberSN, a cybersecurity staffing firm. "It takes investing, caring for, and developing people, and it takes going out of our way to do so. I do believe it needs to be done for everybody but certainly for minorities more."

**Words Matter**

As organizations develop their initiatives for bringing in a more diverse cyber workforce, they have to be mindful that the path to DEI failure is often paved with good intentions. While building a diverse and high-performing team of cybersecurity pros takes not only intentional recruitment and development of minority populations, organizations have to be wary that the very efforts that they're taking don't end up alienating the diverse people they're trying to attract.

"Understand that the words we're choosing could actually be sending out language that is turning folks away," says Christy Wyatt, president and CEO of Absolute Software. "The exact people you're trying to bring into the organization, you might be pushing away."

This might come into play in recruitment when the pitch to a highly talented recruit leads with diversity goals rather than a discussion of their skills or learning capacity. Or it could be more subtle cues after employment has been established that cause alienation — for example, by recognizing high-performers not for their accomplishments but their demographic identity. Or maybe it's a lack of communication altogether, such as by making all of those new diversity hires but failing to follow through with internal engagement and development so they feel like they're a contributing member to the team rather than a statistic.

"Think of it this way: If you're sitting in a room and you are the only person that looks like you or has your background, how are you made to feel like you have a voice?" says RegScale CISO Larry Whiteside, Jr., who is also co-founder and president of Cybersity, a nonprofit focused on supporting the academic and professional success of minority cybersecurity pros. "Once we get these people that we are looking to fill roles from these diverse communities, if we aren't reaching out internally, they're going to leave. Organizations have to be very purposeful in how they communicate and work with these people to make sure that they are getting their voice heard."

**'Inclusion Is the How'**

As a technology leader of 25 years who went through a computer science program during a time when she was often the only girl in the classroom, Wyatt has lived the good, the bad, and the ugly of diversity programs. She has spent a long time honing her technical acumen and business skills. She excelled in that room full of boys, climbed the rungs of the corporate ladder, and earned her seat at the boardroom table of numerous organizations. Along the way, certain programs and initiatives have helped and supported her — and others have decidedly not.

"My experience comes from being the target of those programs. I think that gives me a unique view," Wyatt says, "because in some cases that was incredibly empowering. Somebody saw me, and they valued me, and they gave me some support," she says. "In other cases, they identified me and isolated me, and it made me stand out. I did not love it."

As a leader at Absolute and a board member of several organizations, Wyatt is now on the other side of the fence, championing for change. One of the mantras that she tries to keep in mind is that "culture is a function of what you reward," she says. And while being transparent about DEI stats may be an important step in fostering trust both within and outside the organization, those may not be the metrics that organizations want to be tuning their biggest rewards against. 

"Inclusion is the how. It's not the what," Wyatt points out. "We want to reward the performance. We want to reward that the business is getting faster. We want people to understand that this is a result of the investment we're making in our business by creating a more diverse organization — that's what's driving the performance."

At Absolute, Wyatt has pushed for a culture that values high-performing teams by rewarding the performance of the teams and not the individuals. People get paid the same for their role across the board, and when teams hit their profitability and growth targets, everybody gets a bonus.

"That's important because we need folks to make the connection that we all win when we have a broader set of perspectives, a broader set of approaches to solving problems, and we are doing it in one inclusive way," she says.

In addition to financial rewards, the way a company promotes and celebrates diversity successes will also set the tone for cultural values and can make all the difference in creating an atmosphere that retains diverse talent. Wyatt tells a story of how during the run-up to the last cybersecurity awareness month, her team was musing on the positive impact from building a cybersecurity team that is more than 50% female — comprised of highly talented individuals and many Ph.Ds. The initial proposal was to bring a selection of those women to talk about diversity at the company's all-hands meeting. Wyatt says she nudged a slight shift in that direction. She urged that they shouldn't focus primarily on the diversity but, rather, celebrate their cybersecurity work, their credentials, and allow them to "talk about the kick-ass job they're doing to protect our company."

"Now, of course, everybody saw who was standing on the stage. It's not that we didn't talk about diversity. It's not that we didn't mention it, that we didn't call it out," she says. "But it was a way of talking about this as a part of something that was fueling an impact on the business. It was a part of what was fueling the impact. It was a part of something that was fueling performance, that is something we want to share, as opposed to just making \[diversity\] the headline."

Make Diversity the 'How,' Not the 'What,' of Cybersecurity Success

One Peak investment will advance the ubiquity of network assurance, helping organizations to reduce network complexity, assure network automation, and improve network security.

**NEW YORK****,** **June 29, 2023** **/PRNewswire/ --** IP Fabric, the market leader in automated network assurance, today announced that it has closed a $25m Series B funding round led by One Peak with the participation of Senovo and Presto Ventures. This will fuel IP Fabric's mission of making network assurance ubiquitous so that people, businesses, and governments can operate without the exponential risk of network failures or outages.

IP Fabric is a pioneer in network assurance, helping organizations to overcome network complexity, assure network automation, and improve network security. Network assurance is becoming critical for managing private network infrastructure which combined globally is vastly larger than the Internet and forms the backbone of the modern economy. This infrastructure is now the foundation for every part of modern life, from our airports and factories to public utilities and financial systems.

However, rising complexity is making it much harder for humans to understand and manage networks. This makes network automation risky – automation without assurance will lead to unpredictability if organizations cannot see whether automation has had the intended effect, and that it hasn't negatively impacted the rest of the network. Rising complexity also makes it impossible for organizations to identify and eliminate network vulnerabilities, creating multiple blind spots for attackers to potentially exploit. These challenges have created a perfect storm that is putting network resilience at risk.

_"Without network assurance we are leaving network resilience to chance,"_ comments Pavel Bykov, CEO, IP Fabric._"We've seen how network outages can cause businesses and critical infrastructure to grind to a halt, but amidst rising complexity and the need to ensure control in the face of rising cyber threats while adhering to regulatory compliance, enterprises lack the means to assure operations for their entire network end-to-end. IP Fabric delivers the network assurance needed to operate without the exponential risk of network failure or outages while enabling innovation through standardized access to network control data. Organizations must act now because building operational control without a validated baseline provided by network assurance will lead to gaps and unknown unknowns which ultimately cause outages and security incidents that impact people, businesses, critical infrastructure, and governments."_

IP Fabric is an API-first platform that rapidly discovers, models and visualizes complex networks down to the wire, giving end-to-end visibility and control over an organizations' entire network infrastructure. IP Fabric was recognized as a Gartner Cool Vendor in Network Automation and came 8th in the Deloitte Technology Fast 50 with a CAGR of 160% over the past 4 years. Today, IP Fabric works with over a hundred enterprise customers globally, including Airbus, Air France, Major League Baseball, Red Hat, HCL Technologies, Avast and Blackberry.

_"Enterprise networks are becoming increasingly complex, which makes the requirement to discover, model and visualize large networks a priority,"_ comments Humbert de Liedekerke, Co-founder and Managing Partner of One Peak. _This is especially important, when, as Gartner has reported, only 26% of network leaders maintain accurate network data, massively hindering the effectiveness of automation initiatives for 74% of enterprises. Automation must be assured, secure and able to operate effectively in complex network environments. Enterprises can't risk automating in the dark – networks are too important for guesswork that could expose vulnerabilities or cause outages. This is why IP Fabric's unique ability to help enterprises understand, automate, and secure complex networks is so critical_ _to enable the future of network automation."_

Prior seed and Series A investment rounds were conducted with Senovo, Presto Ventures, and Credo Ventures. 

**ABOUT IP FABRIC**

IP Fabric is a powerful Intent-Based Networking technology enabling modern enterprise network operations. A vendor-neutral, API-first automated network assurance platform, IP Fabric discovers, verifies, visualizes, and documents large-scale networks holistically, reducing costs and resources while improving security and efficiency. Ensure smooth migration and transformation projects while simplifying network planning, testing, and troubleshooting. Eliminate business-impacting inefficiencies and continuously verify policy compliance with a standardized, consumable view of your multi-domain network, end to end. Accelerate and refine programmability, automation, and network analytics with accessible, accurate, and contextualized network data at your fingertips. IP Fabric helps organizations including Airbus, Air France, Major League Baseball, Red Hat, HCL Technologies, Avast, and Blackberry overcome complexity, implement effective network automation, and improve network security. For more information, visit www.ipfabric.io

**ABOUT** **ONE PEAK**

One Peak is a leading growth equity firm investing in technology companies in the scale-up phase. One Peak provides growth capital, operating expertise, and access to its extensive network to exceptional entrepreneurs, with a view to help transform innovative and rapidly growing businesses into lasting, category-defining leaders. In addition to IP Fabric, One Peak's investments include Ardoq, Cymulate, Deepki, DocPlanner, Keepit, Lucca, Neo4j, Orgvue, Pandadoc, Spryker, and many more. To learn more, visit www.onepeak.tech.

**ABOUT SENOVO**

Senovo is an early-stage venture capital firm based in Munich and Berlin that partners with exceptional founders building global B2B SaaS category-leaders from Europe. As European first-mover, the fund invests since 2013 into a new generation of B2B software startups which enable the digitalization of medium and large enterprises. Their focus is primarily on supporting teams working in the areas of process optimization, industry 4.0 and data-enabled solutions. Senovo joins the journey after a company has first revenues in a late Seed or Series A round. Their team of SaaS specialists seek meaningful eye-level relationships and regularly publish their learnings and thought leadership at www.medium.com/senovovc. For more information, visit: www.senovo.vc.

**ABOUT PRESTO VENTURES**

Presto Ventures is a Prague\-based investment firm focused on early-stage B2B software startups and online marketplaces led by founders from the CEE region. With over 50 portfolio companies and counting, Presto Ventures stands out as one of the region's most dynamic venture capital firms. In 2022 alone, they successfully closed 24 new deals. Backed by entrepreneurs, family offices, and exited startup founders, Presto serves as a vital link that connects the flourishing CEE tech ecosystem with major Western markets. Besides IP Fabric, Presto's notable investments include Cloudtalk, Ready Player Me, Woltair, Oddin, Sharry, Yieldigo, Omofox, Inventoro, Finmap, Okredo, and Zypl.ai. For more information, visit: www.prestoventures.com

SOURCE IP Fabric

IP Fabric Announces $25M Series B Funding to Accelerate Adoption of Network Assurance

The detection model identifies LLM patterns to counter the rising abuse of generative AI in social engineering attacks.

**(Tel Aviv, Israel – June 29, 2023) —** Perception Point, a leading provider of advanced threat prevention across digital communication channels, today reveals its latest detection innovation, developed to counter the emergent wave of AI-generated email threats. The AI-powered technology leverages Large Language Models (LLMs) and Deep Learning architecture to effectively detect and prevent Business Email Compromise (BEC) attacks, a cyber threat which is currently undergoing a seismic shift due to the rise of Generative AI (GenAI) technologies. 

Threat actors are increasingly abusing evolving GenAI technology to perpetrate more sophisticated, highly targeted attacks against organizations of all sizes. Newly democratized capabilities, including the creation of high-quality, human-like outputs such as personalized emails, have transformed GenAI into a potent tool for cybercrime, particularly in the realm of social engineering and BEC attacks, which have scaled to new heights over the past year. BEC accounted for over 50% of incidents involving social engineering according to the DBIR 2023 Report, while Perception Point's 2023 Annual Report revealed an 83% growth in BEC attempts.

In response to this escalating threat, Perception Point has developed an LLM-based detection model, innovatively harnessing the power of Transformers, AI models capable of understanding the semantic context of text - mirroring the technology behind popular LLMs like OpenAI’s ChatGPT and Google’s Bard. This approach enables Perception Point's solution to identify the unique patterns in LLM-generated text, a critical factor in detecting and thwarting GenAI-based threats - a task traditional security vendors fail to achieve using contextual and behavioral analysis.

The model processes incoming emails at an average of 0.06 seconds, aligning with Perception Point’s ability to dynamically scan 100% of content in near real-time. It has initially been trained on hundreds of thousands of malicious samples caught by Perception Point, and is continuously updated with new data to maximize its effectiveness. 

"Amid an increasingly complex threat landscape, there is an urgent need for cutting-edge defenses against GenAI-powered threats," said Tal Zamir, CTO of Perception Point. "We’re being challenged as an industry with yet another avenue that bad actors have come to exploit in their ever-expanding range of attacks. By reversing this dynamic and proactively leveraging AI for detection, we are able to prevent these threats before they even reach the user’s inbox – a paradigm shift in the fight against BEC attacks.”

To minimize false positives, resulting from the widespread use of generative AI for crafting legitimate emails, Perception Point utilizes a unique 3-phase architecture. After initial scoring, the model categorizes the email content using Transformers and clustering algorithms, integrating insights from these steps with additional data such as sender reputation and authentication protocol information. This process allows the model to accurately predict whether the email is AI-generated and if it potentially poses a threat.

As GenAI continues to rise, Perception Point is leading the charge with its AI-powered cybersecurity solution. By leveraging the patterns in LLM-generated content, advanced image recognition, anti-evasion algorithms and patented dynamic engines, Perception Point provides a robust and proactive defense, neutralizing threats before they ever reach the user.

Discover more about Perception Point's cutting-edge approach to combating GenAI-generated content attacks **here**. 

**About Perception Point**

Perception Point is a Prevention-as-a-Service company for the fastest and most accurate next-generation detection and response to all attacks across email, cloud collaboration channels, and web browsers. The solution's natively integrated incident response service acts as a force multiplier to the SOC team, reducing management overhead, improving user experience and delivering continuous insights; providing proven best protection for all organizations.

Deployed in minutes, with no change to the enterprise’s infrastructure, the patented, cloud-native and easy-to-use service replaces cumbersome legacy systems to prevent phishing, BEC, spam, malware, Zero-days, ATO, and other advanced attacks well before they reach end-users. Fortune 500 enterprises and organizations across the globe are preventing content-borne attacks across their email and cloud collaboration channels with Perception Point.

Perception Point Unveils AI Model to Thwart Generative AI-Based BEC Attacks

The new network visibility mandate provides a good foundation for identifying risks and building better security programs at federal agencies.

By April, all federal agencies were required to begin complying with a new mandate from the US Cybersecurity and Infrastructure Security Agency (CISA) to "make measurable progress toward enhancing visibility into agency IT assets and associated vulnerabilities." In plain language, this means they must get better at monitoring their assets and evaluating their security vulnerabilities.

While complying with Binding Operational Directive 23-01 (BOD 23-01) won't on its own make agencies secure, it does provide a good foundation for identifying risks and building better security programs. Ultimately, federal IT directors will need to go beyond the letter of these BOD requirements and think about how they can use these new capabilities to improve their network operations and security processes.

**Understanding CISA BOD 23-01**

The new mandate focuses on two activities that are essential to improving operational compliance at scale for a successful cybersecurity program: asset discovery and vulnerability enumeration.

**Asset discovery** means finding all network-addressable assets that reside on an agency's network infrastructure by identifying all the associated IP addresses (hosts). This typically does not require special logical access privileges and is vital information for more advanced analytics and security investigations. But discovering networked assets gets harder as networks get bigger, more complex, and virtualized, and as users connect from more locations using a wider range of devices. Most concerning for CISA are bring-your-own (BYO) and other unauthorized devices that have acquired addresses and are present on the network but should not be. Discovery solves both problems: confirmation of approved devices that are present, and detection of devices that are present but are unauthorized.

**Vulnerability enumeration** identifies and reports suspected vulnerabilities on network assets. It detects host attributes (for example operating systems, applications, and open ports) and attempts to identify security flaws and issues such as outdated software versions, missing updates, and misconfigurations. It also involves tracking compliance with or deviations from security policies by identifying host attributes and matching them with information on known vulnerabilities.

The mandate specifies several general requirements that federal agencies must meet, including:

*   Performing automated asset discovery every seven days to maintain an inventory of devices
*   Identifying software vulnerabilities using privileged or client-based means where technically feasible (to provide the deepest inspection of access issues)
*   Tracking how often the agency enumerates its assets, what coverage of its assets it achieves, and how current its vulnerability signatures are
*   Providing this asset and vulnerability information to CISA's Continuous Diagnostics and Mitigation (CDM) federal dashboard

The mandate also includes more specifics such as how often to perform asset discovery and vulnerability enumeration, how to conduct those scans, and requirements for reporting this data to CISA. Importantly, CISA doesn't specify how to meet any of these objectives but leaves it up to the discretion of each agency's IT leadership.

**What This Means for Federal Agencies**

It's clear from this mandate that the old approach of doing compliance assessments every few years won't be sufficient. Agencies will need to build or buy a network automation and visibility solution that allows them to discover assets and find vulnerabilities at scale and across domains while also providing regular, ongoing status reporting.

Meeting these requirements doesn't mean an agency will be safe from cyberattacks, but it does help improve the security of IT resources. For instance, asset visibility is necessary for updates, configuration management, and other security and lifecycle management activities that significantly reduce cybersecurity risk, along with exigent activities like vulnerability remediation. But for a network topology with the scale and complexity of the federal government — with its broad deployment of devices and virtualized services — automation is the only realistic way to conduct security best practices (like updating device firmware with security patches, changing passwords regularly, and preventing firewall configuration drift).

**Complying With BOD 23-01**

The new CISA mandate stems from the realization that the historical approach of allowing individual agencies to determine how best to secure their networks isn't working. In practice, resource-constrained agencies deprioritized aggressive secure-access verification. They also did not fully account for how frequently their networks would change due to new technologies, new applications, and new projects all making the problem worse. This ultimately led to the declining security of federal IT infrastructure.

However, given that this new mandate does not come with any additional funding to meet it, agencies must rethink how they use existing operational and engineering resources to perform all the required visibility and vulnerability assessments in the weekly timeframes specified. In fact, they will need a solution that democratizes network automation to better leverage their available subject matter experts to define the required topology, secure access, and compliance needs. While a single engineer can test a device or create a vulnerability scan once, automation can continuously replicate and execute that work any number of times across the entire infrastructure automatically.

**Putting it All Together**

The reality is this automated approach is the only way to effectively meet the requirements of the BOD 23-01 mandate. Automation can apply accepted best practices — or any repetitive network task like those embodied in BOD 23-01 — at scale.

All in all, the BOD 23-01 mandate is a welcome first step toward securing the US federal government's digital footprint. Understanding what is connected and its vulnerability in near real-time will go a long way to identifying potential problems and possible attack vectors before they can be exploited. Federal IT directors must go beyond traditional labor-intensive approaches and consider network automation if they hope to successfully meet the mandate's requirements.

Source

DARKReading