Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable.

Pro-Russian hacktivist group Killnet this week launched distributed denial-of-service (DDoS) attacks on networks belonging to 14 major US hospitals in its continuing retaliation campaign against entities in countries the threat actor perceives as hostile to Russian interests in Ukraine.

The attacks — like most Killnet attacks since Russia's invasion last February — appear to have done little to seriously disrupt network operations at any of the targeted organizations, which included Stanford Health, Michigan Medicine, Duke Health, and Cedars-Sinai.

**Designed to Garner More Support**

That said, they are likely going to garner Killnet more support from other like-minded hacktivists in Russia and elsewhere, and possibly even fuel investments into its operations from others, making them more dangerous in the process, security experts said this week.

"Killnet has been actively attacking anyone who supports Ukraine or goes against Russia for almost 12 months now," says Pascal Geenens, director of threat intelligence at Radware. "They have been dedicated to their cause and have had the time to build experience and increase their circle of influence across affiliate pro-Russian hacktivist groups."

Killnet surfaced last year, soon after Russia invaded Ukraine in February. Since then, the group has carried out a series of often high-profile DDoS attacks on organizations in critical infrastructure sectors in the US and multiple other countries. Their victims have included airports, banks, defense contractors, hospitals, Internet service providers, and the White House.

Killnet's latest DDoS campaign this week against hospitals in the US and medical institutions in multiple other countries, including Germany, Poland, and the UK, were likely motivated by the recent US-led decision by NATO countries to send battle tanks to Ukraine. However, the impact of these attacks remains questionable.

**Killnet's Questionable DDoS Impact**

Mary Masson, director of public relations at Michigan Medicine, for instance, says Killnet's DDoS attacks hit multiple of its websites on Jan. 30, including uofmhealth.org and mottchildren.org. Masson describes the attacks as causing "intermittent problems" for some of Michigan Medicine's public-facing websites hosted by a third-party service provider. 

"None of the sites impacted contain patient information, and all patient information is safe," she notes. "Patients were always still able to access the patient portal via myuofmhealth.org." The websites were all back to almost normal operations a day later, on Jan. 31.

Sally Stewart, associate director of media relations at Cedars-Sinai, describes Killnet's DDoS attack as having a similarly low impact on the hospital's operations: "The Cedars-Sinai website experienced a brief service interruption early Monday morning that has resolved. The website remains fully functional," Stewart said in an emailed statement to Dark Reading.

Stanford Healthcare and Duke Health did not immediately respond to Dark Reading's request for comment.

"They are not as disruptive as they claim to be," Geenens says, adding that Killnet’s main objective is attracting attention and getting their pro-Russian message heard. "They go after targets that are visible to the larger public, such as public websites of institutions, governments, and organizations." Often the resources the group has targeted are not business-critical. 

**A Mistake to Underestimate**

That does not mean the group can be ignored, however. In an advisory following the recent DDoS attacks, the American Hospital Association described Killnet as an active threat to the healthcare industry. 

"While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days," the AHA warned. Killnet's links to Russia's Foreign Intelligence Service remain unconfirmed, AHA noted, "\[but\] the group should be considered a threat to government and critical infrastructure organizations, including healthcare."

Importantly, Killnet's pro-Russian DDoS crusade has also begun attracting many more followers and fans. Daniel Smith, head of cyber-threat intelligence at Radware, says the number of subscribers for @Killnet\_reserve on Telegram grew from about 34,000 subscribers to 85,000 subscribers in June 2022. "Just for comparison, IT Army of Ukraine has over 200,000 subscribers, but has been losing subscribers since March 2022," he says.

The group has focused quite a bit on publicity via its Telegram channel, which it also uses to encourage followers to conduct DDoS attacks of their own.

**Jewelry and Rap Anthems: Growing Killnet Support**

Radware's Geenens points to affiliate Russian groups such as NoName and the Passion Group offering their DDoS botnets to Killnet for carrying out attacks as one indication of the growing support it has begun attracting within Russia. 

Other signs of the support that Killnet has mobilized in recent months include a song in the gang's honor, titled “KillnetFlow (Anonymous diss)” by a Russian rapper, and the sale of Killnet-related jewelry by a Moscow-based jewelry maker called HooliganZ. Killnet has also received some $44,000 worth of financial support from a Dark Web marketplace called Solaris, according to Radware. 

"Killnet’s influence, reach, and skills are growing, and they are not showing signs of slowing down or retiring soon," Geenens warns.

It's unclear how, if at all, Killnet will leverage its growing support, or whether it will pivot to other, more dangerous forms of attack. Aleksandr Yamploskiy, co-founder and CEO at SecurityScorecard, notes how Killnet began as a financially motivated operation offering a botnet for hire. But it has since become more of a hacktivist collective, conducting a series of relatively low-sophistication DDoS attacks against targets it perceives to oppose the Russian invasion of Ukraine. "Killnet has historically made use of open proxy IP addresses and publicly available scripts in its attacks," he says.

What makes the group now potentially more dangerous are its growing reach and skills, Radware's Smith adds. A few months ago, Radware's assessment of the risk posed by a pro-Russian hacktivist group such as Killnet would have been low, he explains. "But after 12 months of building their experience," he says, "advancing their tools and growing their social network, I’m more likely to increase that risk to moderate."

While there's no reason for panic, it is better to err on the side of caution and be prepared. "Everyone in the security community knows it does not take extremely skilled or sophisticated actors to disrupt or cause impact to an organization or infrastructure," Smith adds.

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Companies need to be aware of the work culture they foster. Diversity and inclusion aren't just buzzwords. Increasing female visibility and improving female mentoring to help women enter and advance within the cybersecurity industry are key steps forward.

Globally, about a quarter of cybersecurity jobs belong to women, which unfortunately doesn't quite correlate with the worldwide female population of 49.58%. We're not saying that every industry needs to have a perfect 50/50 split, but with cybersecurity being a male-dominated industry, it's time companies addressed the challenges women face when joining the cybersecurity workforce by striving for a more diverse workplace.

While progress has been made over the last decade (women occupied only 10% of cybersecurity jobs in 2013), more headway needs to be made. From a lack of industry role models to poor media representation and an absence of mentoring, women face a plethora of challenges in cybersecurity.

So, what are the top three obstacles women face?

**Underrepresentation in the Media**

The media plays a crucial role in creating and maintaining stereotypes. TV shows and films often push concepts and cliches that are then subconsciously accepted as fact by viewers.

Children are easily influenced by media stereotypes and, therefore, can be led into gendered thinking, particularly regarding jobs. This reasoning can then heavily influence a person's perception of the real world, including their life aspirations and career choices. For example, Navy recruitment went up 500% following the release of _Top Gun_, starring Tom Cruise.

In the 1990s, one show was proven particularly effective in persuading women to enter STEM occupations — _The X-Files_, with Gillian Anderson playing Dr. Dana Scully. A recent report looking into the "Scully effect" showed that as the only female STEM character on prime-time TV in the '90s, she had a significant impact on the female viewer base. The report revealed that 63% (PDF) of the women studied said Dana Scully increased their belief in the importance of STEM subjects.

These examples indicate how important representation is in the media and display how a lack of visibility can distort a viewer's perception of what they can achieve. It's time for the media to understand and recognize their influence and the stereotypes they enforce.

**Male-Dominated Workplaces Can Come With Several Issues**

With cybersecurity being made up of only about 25% women, this officially classes the industry as male dominated. Ask any woman; the thought of entering a workplace full of men isn't an enticing one. This is likely one of the reasons why, in 2021, only 6.5% (PDF) of US women worked in a male-dominated occupation.

With issues regarding the gender pay gap, sexual harassment, underrepresentation, lack of mentoring, and negative stereotyping, it's no wonder that women aren't running to join male-dominated workplaces en masse. For these points to be tackled, they need to be addressed from the top down. Cybersecurity leaders must be aware of the work culture they're fostering and be open to discussing and tackling any issues they find, however uncomfortable that may be.

A 2017 survey by the Pew Research Center found that women in male-dominated industries were more likely to be harassed than women working in female-dominated sectors. Therefore, businesses must create a safe space for employees, particularly women, to report any harassment and unwanted behavior at work. Another initiative for cybersecurity companies to establish is female mentor programs, which help to support their female workers, aid in their professional growth, and close the gender gap in cybersecurity.

**Lack of Industry Role Models**

While kids these days may not be hanging posters of their favorite celebrities in their bedrooms or lockers anymore, role models are still crucial. The importance of role models is often underplayed. Having a visible representation of what is possible encourages people to push boundaries, strive to be better, and be more ambitious.

Crest's report — "Exploring the Gender Gap in Cybersecurity" — found that 59% of women polled had a "mixed" experience within the cybersecurity industry as they received some support but also faced many challenges. The report identified two key areas for improvement: increasing female visibility and improving female mentoring to help women enter and advance within the industry.

The problem with a lack of role models is its knock-on effect. With fewer women in the industry to look up to, this can discourage women from entering and perpetuates disparity. It's time to disrupt this cycle.

Diversity and inclusion lead to a more rounded perspective, with various team members bringing different points of view, allowing them to solve new problems. While women's current obstacles in cybersecurity won't disappear overnight, identifying the issues and raising awareness welcomes opportunities for change and improvement. Cybersecurity is ready for a female revolution.

Beating the Odds: 3 Challenges Women Face in the Cybersecurity Industry

Gem Security provides the world's first holistic approach for Cloud TDIR, bridging the gap between cloud complexity and security operations.

**TEL AVIV, Israel****,** **Feb. 1, 2023** **/PRNewswire/ —** Gem Security today emerged from stealth, launching its Cloud TDIR (Threat Detection, Investigation and Response) platform and announcing $11 million in Seed funding led by Team8.

The adoption of cloud infrastructure is increasing and diversifying the attack surface for organizations. 90% of all organizations use more than one cloud provider\[1\]. As Gartner notes\[2\], the expansion in attack surface is rarely paralleled with coverage by detection and response initiatives, leaving organizations unaware of a variety of threat vectors. 79% of companies have experienced at least one cloud data breach in the last 18 months, with 43% of companies reporting ten or more\[3\].

While there is no lack of solutions for detection and response, legacy approaches fall short of providing a solution for the cloud era. The proliferation of cloud services across infrastructure, platforms, and software has fragmented the security landscape. Collecting and correlating the explosion of associated telemetry is both challenging and inadequate.

Gem Security goes beyond this, helping organizations act on Gartner's recommendation to implement a continuous, risk-based program to manage their threat exposure. Gem Security offers a platform that leverages existing infrastructure and solutions while offering unique automated detection, investigation and response capabilities purposely-built for cloud environments.

Gem Security supports all major infrastructure platforms - AWS, Azure, Google Cloud and Kubernetes. Furthermore, Gem's platform integrates with leading platforms like identity providers, source code repositories and secrets managers, leveraging the additional data for context analysis. Gem Security is already working with companies ranging from mid-market to Fortune 500.

"Most cloud security solutions focus on building a wall that is as tall as possible to make sure the bad guys stay out. That sounds good in theory. In practice, however, no wall is ever going to be tall enough. We offer a more realistic approach, starting from the fact that cloud environments are and will remain imperfect. If it's perfect, it's only for five minutes, and then it's going to be imperfect again.

Minimizing the potential for intrusion is only half the story. When someone jumps over the wall, we don't just raise an alarm. Gem's platform will empower your team to find and stop the intruder, automating your incident response and ensuring there is no escalation. Where others end, we begin", said Gem Security Co-Founder & CEO Arie Zilberstein.

Zilberstein co-founded Gem Security with CTO Ron Konigsberg and VP Product Ofir Brukner. Gem's founders are all security industry veterans, having spent years in the trenches responding to large-scale breaches in the cloud. They previously held key roles in elite Israeli Intelligence Corps Unit 8200 as well as Sygnia, an Incident Response and cybersecurity company working with global top tier organizations.

Gem Security's holistic approach for Cloud TDIR bridges the gap between security operations and cloud complexity. Lessons learned from years of experience working in some of the most demanding cloud environments in the world have been leveraged in building Gem's comprehensive platform, enabling organizations to:

*   **Prepare**. Optimizing coverage via a continuous Cloud Incident Readiness dashboard
*   **Detect**. Combining real-time cloud-native threat detection based on TTPs (Tactics, Techniques & Procedures) and behavioral analytics
*   **Investigate**. Enriching context across the entirety of cloud infrastructure for instant root cause analysis
*   **Respond**. Isolating risks swiftly using cloud-native entity quarantine capabilities

"Gem is redefining the cloud security operations game", said ADM Michael S. Rogers, Former Director of the NSA. "Security organizations today struggle to find cloud experts, and the complexity of cloud environments is leaving teams blind to emerging attacks. Gem empowers security operations with a simple, automated, and efficient approach that allows organizations to respond faster and minimize the impact of attacks in the cloud".

"Cloud migration brings new opportunities to enterprises, but also entails quite a few challenges and risk, including the need to adapt existing solutions to the new cloud infrastructure" said Nadav Zafrir, Managing Partner at Team8 Group and former head of Israel's elite technology Unit 8200. "We are thrilled to team up with Gem's talented founders, who have gained years of experience in incident response at Sygnia, our portfolio company, and to support their mission to build the next generation of cloud security. Gem's unique platform offers a first-of-its-kind solution to deal with the inevitable attacks on cloud environments, and is based on an intuitive, automatic, and efficient approach that allows organizations to identify cloud security events in real-time; investigate them based on behavior analysis and threat intelligence; respond quickly, and enable isolation of the threat. All this - to minimize the impact of cloud attacks."

**About Gem Security**

Gem Security is a rapidly growing Cloud TDIR platform provider that bridges the gap between security operations and cloud complexity. Headquartered in New York and Israel, Gem Security is funded by global investors, led by Team8. For more information, visit gem.security.

**About Team8**

Team8 is a venture group that builds and backs the most innovative technology companies in the fields of fintech, cyber, data, and digital health. We leverage deep domain expertise, cutting-edge technology, and first-hand company-building experience to partner with entrepreneurs in founding globally-successful companies, while also investing in early-stage companies that are active in the group's fields of interest. For more information, visit www.team8.vc.

Gem Security Emerges From Stealth With $11M, Unveils Cloud TDIR Platform for Faster Response to Cloud Threats

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

A security vulnerability has been found in Cisco gear used in data centers, large enterprises, industrial factories, power plants, manufacturing centers, and smart city power grids that could allow cyberattackers unfettered access to these devices and broader networks.

In a report published on Feb. 1, researchers from Trellix revealed the bug, one of two vulnerabilities discovered that affect the following Cisco networking devices:

*   Cisco ISR 4431 routers
*   800 Series Industrial ISRs
*   CGR1000 Compute Modules
*   IC3000 Industrial Compute Gateways
*   IOS XE-based devices configured with IOx
*   IR510 WPAN Industrial Routers
*   Cisco Catalyst Access points

One bug — CSCwc67015 — was spotted in yet-to-be-released code. It could have allowed hackers to remotely execute their own code, and potentially overwrite most of the files on the device.

The second, arguably nastier, bug — CVE-2023-20076 — found in production equipment, is a command-injection flaw that could open the door to unauthorized root-level access and remote code execution (RCE). This would have entailed not just total control over a device's operating system but also persistence through any upgrades or reboots, despite Cisco's guardrails against such a scenario.

Given that Cisco networking equipment is used worldwide in data centers, enterprises, and government organizations, and it's the most common footprint at industrial sites, the impact of the flaws could be notable, according to Trellix.

“In the world of routers, switches, and networking, Cisco is the current king of the market," Sam Quinn, senior security researcher with the Trellix Advanced Research Center, tells Dark Reading. "We would say that thousands of businesses could potentially be impacted.”

**Inside the Latest Cisco Security Bugs**

The two vulnerabilities are a byproduct of a shift in the nature of routing technologies, according to Trellix. Network administrators today have the ability to deploy application containers or even entire virtual machines on these miniature-server-routers. With this greater complexity comes both greater functionality, and a wider attack surface.

"Modern routers now function like high-powered servers," the authors of the report explained, "with many Ethernet ports running not only routing software but, in some cases, even multiple containers."

Both CSCwc67015 and CVE-2023-20076 arise from the router's advanced application hosting environment.

CSCwc67015 reflects how, in the hosting environment, "a maliciously packed application could bypass a vital security check while uncompressing the uploaded application." The check attempted to secure the system against a 15-year-old path traversal vulnerability in a Python module that Trellix itself had identified last September, CVE-2007-4559. With a "moderate" CVSS v3 score of 5.5, it allowed malicious actors to overwrite arbitrary files.

Meanwhile, the bug tracked as CVE-2023-20076 similarly takes advantage of the ability to deploy application containers and virtual machines to Cisco routers. In this case, it has to do with how admins pass commands to run their applications.

"The 'DHCP Client ID' option within the Interface Settings was not correctly being sanitized," the researchers discovered, which allowed them root-level access to the device, connoting "the ability to inject any OS command of our choosing."

A hacker who abused this power "could have a significant impact on the device's functionality and the overall security of the network," Quinn explains, including "modifying or disabling security features, exfiltrating data, disrupting network traffic, spreading malware, and running rogue processes."

The bad news doesn’t end there, though. The authors of the report highlighted how "Cisco heavily prioritizes security in a way that attempts to prevent an attack from remaining a problem through reboots and system resets." However, in a proof-of-concept video, they demonstrated how exploitation of the command-injection bug could lead to completely unfettered access, allowing a malicious container to persist through device reboots or firmware upgrades. This leaves only two possible solutions for removal: a full-on factory reset or manually identifying and removing the malicious code.

**Cisco Industrial Gear: Potential Supply Chain Risk**

If there's a silver lining to these bugs, it's that exploiting either would require admin-level access over a relevant Cisco device. A hurdle, granted, but hackers obtain administrative privileges all the time from their victims, through regular social engineering and escalation. The researchers also noted how, often, users don't bother to change the default username and password, leaving no protection whatsoever for this most sensitive account.

One must also consider the supply chain risk. The authors highlighted how many organizations purchase networking devices from third-party sellers, or use third-party service providers for their device configuration and network design. A malicious vendor could utilize a vulnerability like CVE-2023-20076 to do some very easy, subtle, and powerful tampering.

The sheer degree of access this hole provides "could allow for backdoors to be installed and hidden, making the tampering entirely transparent for the end user," the authors explained. Of course, the overwhelming majority of third-party service providers are perfectly honest businesses. But those businesses may themselves be compromised, making it a moot point.

In concluding their report, the Trellix researchers urged organizations to check for any abnormal containers installed on relevant Cisco devices, and recommended that organizations that don't run containers disable the IOx container framework entirely. Most important of all, they emphasized, was that "organizations with affected devices should update to the latest firmware immediately."

To protect themselves, users should apply the patch as soon as possible.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.

**Los Altos, CA — February 1, 2023** — Contrast Security (Contrast), the code security platform built for developers and trusted by security,today announced the launch of its new partner program, theSecurity Innovation Alliance (SIA), which is a global ecosystem of system integrators (SIs), cloud, channel and technology alliances.

The goal of SIA is to provide customers with unmatched, fully integrated application security solutions from Contrast and its strategic alliance partners, which include leading multinationals like GitLab Inc., Amazon/Amazon Web Services (AWS), Microsoft, VMware, PagerDuty, Armor Code, Zimperium, Anchore, Neosec, Wallarm, Ermetic, Cloudwize, Noname Security, BLST Security, ProtectOnce, Scribe Security, Wiz, Wib and Legit Security. Additionally, the team will focus on building expanded partnerships with SIs, technology providers and independent software vendors (ISVs).

“We recognize that organizations cannot rely on a single security solution to fully protect customers from rising cyber threats. That is why it is critical to have strong, technical integrations between the tools that developers, operations and security teams use,” said Ben Goodman, Senior Vice President of Corporate Development and Strategic Alliances at Contrast Security. “Contrast has made significant investments in building an ecosystem, an engineering team, interfaces and tooling in order to launch SIA. I believe that technical partnerships start with technical integrations, and this new partner program will revolutionize the way customers scale their security solutions.”

SIA and the strong strategic partner integrations driven by Contrast will not only allow partners to easily integrate with the Contrast Secure Code Platform, but enable customers to achieve the following benefits:

*   Confidently use Contrast offerings as part of a larger application security (AppSec) program.
*   Enhanced security predictability and reduced risk of implementing new code and AppSec technologies.
*   Strengthened trust and confidence in the technologies that have already been deployed.

“When security solutions easily complement your DevSecOps toolchain, software engineers can deliver production grade software faster and more reliably,” said Nima Badiey, Global VP of Alliances at GitLab Inc. “As a launching member of Contrast’s new SIA ecosystem, we are helping customers discover and adopt more robust security practices. This enables companies to continually invest and innovate in modern and secure software supply chains.”

SIA is designed to improve its partners’ business capabilities to meet the needs of customers in AppSec. Contrast works with each partner to provide a custom experience that best fits their interests and business needs including a simple onboarding process, integration support, joint marketing campaigns and access to the company’s impressive install base.

“IDC has long recognized the importance of a robust ecosystem in AppSec. Customers can benefit when strategic partners work together for more holistic and integrated solutions for security. The Security Innovation Alliance enhances Contrast's portfolio by expanding its capabilities for customers and partners," said Jim Mercer, Research Vice President DevOps and DevSecOps at IDC.

SIA is led by Goodman, a successful Alliance professional, and other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Frank Gasparovic, Director, Ecosystem Engineering; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances.

To join the growing ecosystem of partners or to find out more about SIA, please visit our website, read our blog and listen to Goodman’s interview on Contrast’s Code Patrol podcast.

**About Contrast Security (Contrast):**

A world leading code security platform company purposely built for developers to get secure code moving swiftly and trusted by security teams to protect business applications. Developers, security and operations teams quickly secure code across the complete software development life cycle (SDLC) with Contrast to protect against today’s targeted application security (AppSec) attacks. Contrast also makes security testing available to all developers for free with CodeSec.

Founded in 2014 by cybersecurity industry veterans, Contrast was established to replace legacy AppSec solutions that cannot protect modern enterprises. With today’s pressures to develop business applications at increasingly rapid paces, the Contrast Secure Code Platform defends and protects against full classes of common vulnerabilities and exposures (CVEs). This allows security teams to avoid spending time on focusing false positives and remediate true vulnerabilities faster. Contrast’s platform solutions for code assessment, testing, protection, serverless, supply chain, APIs and languages help enterprises achieve true DevSecOps transformation and compliance.

Contrast protects against major cybersecurity attacks for its customer base which represents some of the largest brand-name companies in the world, including BMW, AXA, Zurich, NTT, SOMPO Japan and American Red Cross, as well as numerous other leading global Fortune 500 enterprises. Contrast partners with global organizations such as AWS, Microsoft, IBM Cloud, Guidepoint, Trace3, Deloitte and Carahsoft, to seamlessly integrate and achieve the highest level of security for customers.

The growing demand for the world’s only platform for code security has landed the company on some of the most prestigious lists including the Inc. 5000 List of America’s Fastest Growing Companies and has designated Contrast as one of the fastest growing companies on the Deloitte Technology Fast 500 List.

Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.

**LAVAL, QC****,** **Feb. 1, 2023** **/PRNewswire/ —** The new Phishing Benchmark Global Report, based on the 2022 Gone Phishing TournamentTM hosted by Fortra's Terranova Security, reveals that large organizations of 10,000 employees or more are most susceptible to phishing attacks promising a gift, despite potentially having access to more cyber security resources than smaller businesses.

Co-sponsored by Microsoft, the annual tournament measures and evaluates how employees respond to one of the most common types of cyber threats – phishing attacks. The 2022 Phishing Benchmark Global Report results emphasize the growing need for all organizations to implement engaging and informative security awareness training programs. Ideally, those programs would leverage real-world phishing simulations to ensure employees are aware of the latest phishing tactics, can detect and report cyber threats and, in time, change unsafe online behaviors.

According to the report, many employees are still prone to answering requests for sensitive information – even when they come from unknown or suspicious email senders. This level of trust leaves an organization's confidential data vulnerable to hackers.

"Cyber threats continue to grab headlines worldwide, so it's encouraging to see improvement from last year's phishing simulation. However, let's not forget how, based on their context, each phishing scenario may convince a different set of users to click. There's definitely still work to do with regards to helping organizations build and grow security-aware cultures," **says Theo Zafirakos, CISO at Terranova Security.** "As the Phishing Benchmark Global Report also shows, it's difficult for some organizations, especially with a significant employee base, to educate employees and reinforce cyber security best practices. This is most true in a remote-first environment."

**2022 Phishing Benchmark Global Report: Key Results**

7 percent of all end users who participated in the 2022 phishing simulation clicked on the link in the phishing email. In addition, 3 percent of all end users failed to recognize the warning signs of the simulation's webpage and proceeded to enter their credentials on the malicious webpage.

Despite the seemingly low totals, this year's form completion rate poses a cause for concern. Globally, 44 percent of those who clicked on the phishing simulation link eventually completed the web form on the subsequent webpage and submitted their login credentials.

"To put these numbers into perspective, if an enterprise-level organization of 10,000 employees had been targeted with a phishing scam like the one depicted in the simulation," **says Zafirakos.** "700 employees would have clicked on the phishing link, and over 300 of those clickers would have entered their password, which can be used to compromise systems and sensitive information. Given our reliance on online systems and data to conduct many business transactions and services, this reality is concerning."

The simulation found that employees from large organizations are most susceptible to phishing attacks. According to participant data, organizations with 10,000 employees or more rarely missed security awareness training, indicating a potential lack of effectiveness.

Other key data highlights from the fourth edition of this event include:

*   For click rates by industry, nonprofit, education, manufacturing, and food and agriculture exhibited the highest totals, all scoring over 6 percent. Meanwhile, participants from the public sector, energy, and finance industries kept their click rates under 3.5 percent.
*   The consumer products space had the highest form completion rate across all industries, with 40 percent of those who clicked on the initial phishing link eventually entering their credentials on the malicious webpage.
*   Europe was the top performer of the five regions represented, claiming the lowest email link click and form completion rates. North America, the top-performing region in 2021, slotted into second place.

"The results from this year's Gone Phishing Tournament underscore the importance of taking a human-centric approach to security awareness training and content," says Brand Koeller, Principal Product Manager, Microsoft Defender. "Technical safeguards alone can't guarantee information security. Addressing the human risk factor should be a top priority for all organizations."

**2022 Phishing Benchmark Global Report:**

 **Methodology**

The 2022 Gone Phishing Tournament took place in October to coincide with Cybersecurity Awareness Month. With over 250 participating organizations and over 1.2 million phishing emails sent out during this year's event, it was one of the largest phishing simulations of its kind. The increase in the participation rate shows phishing is a major concern for many organizations considering the ever-evolving complex nature of real-world cyber threats.

Microsoft supplied this year's email and webpage templates designed to imitate a real-world scenario that many employees experience: a gift card scam. The scenario, selected by the Terranova Security leadership team, measured several end-user behaviors, such as clicking on a link in the body of a phishing email and entering credentials into a form on a phishing webpage.

If users clicked on the link in the phishing simulation's email, they were redirected to a landing page, which prompted them to enter credentials that, had the simulation been an actual attack, would have been compromised. If users completed this second step, they were brought to a phishing simulation feedback page highlighting the warning signs they missed and the best practices they should follow.

Though the 2022 Gone Phishing Tournament simulation was deemed easier than in previous years, the click rate and web form submission rate should still be considered high as a result.

Download the 2022 Phishing Benchmark Global Report to get all the results and facts from the latest edition of the Gone Phishing Tournament.

**About Fortra's Terranova Security**   
Fortra's Terranova Security is the global security awareness training partner of choice that has been transforming the world's end users into cyber heroes for more than 20 years. Using a proven pedagogical framework, Fortra's Terranova Security training solutions empower organizations worldwide to implement programs that change user behaviors, reduce human risk, and effectively counter cyber threats. As a result, any employee can better understand phishing, social engineering, data privacy, compliance, and other critical best practices. With the addition of new features like its Content Center and Cyber Hero Score, Fortra's Terranova Security consistently innovates to support all organizations' cyber security objectives. These industry-leading solution additions also strengthen long-term information security for all professionals, regardless of region or sector, in an era where remote work and borderless productivity are standard. Learn more at terranovasecurity.com.

Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.

In today's digital world, there's no question that security must be a constant priority for companies — whether it's protecting internal corporate information or their products and solutions.

However, when recessionary forces are lurking, security for products and solutions that are offered or sold to end users, such as Web or mobile applications, needs to become an even greater focus. While it might seem counterintuitive in a climate of cost-cutting to spend on security — essentially looked at as a checklist item — the alternative is a world of pain and more costs.

According to Accenture, cyberattacks grew by 31% between 2020 and 2021. This was right as the US was grappling with the COVID-19 pandemic and the negative impact it had on the nation's economy. Now, signs may be pointing to another downturn in the economy this year, something reflected by recent layoffs in the industry.

As a result of these economic factors, the reduction in staff and budgets can create the perfect window for cybercriminals to take advantage while companies focus on continuing to operate and sustain themselves.

**A Window of Opportunity for Cybercriminals**

During down economic periods, companies place a greater focus on generating top-line revenue and allot more staff and resources to accomplish it. This means that, in 2023, companies will prioritize the enhancement of applications by creating new features and functionalities that can drive sales.

Unfortunately, with the majority of staff and resources allocated to application enhancement, security can often fall by the wayside. Particularly, keeping everything updated with the latest security practices.

This deprioritization creates a window of opportunity for cybercriminals to take advantage of flaws or bugs in applications. For example, the Synopsys Cybersecurity Research Center (CyRC) recently highlighted a number of vulnerabilities in a few applications available through various app stores. The CyRC stated that it "uncovered weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities" in the apps Lazy Mouse, Telepad, and PC Keyboard. These vulnerabilities could lead to the gathering of sensitive information, such as login credentials, through the exploitation of keystrokes.

Although we don't know the full impact of these vulnerabilities, these are great examples of the types of flaws or bugs that could fall off the list of priorities for many companies.

**Application Security Is Nonnegotiable**

With any scenario in which an application can be compromised by cybercriminals, there's enormous potential for reputational damage and revenue generation. That's why it's nonnegotiable.

Regardless of whether we're in a recessionary period or not, companies must continue prioritizing all application security activities on the same level as revenue. These activities include:

*   **Vulnerability and penetration testing:** Some of the first security activities that are often deprioritized in times of economic downturn are vulnerability and penetration testing. While a company may conduct this testing every few months during a normal economic period, it may decrease that rate to focus IT and engineering staff efforts on building new features and functionalities. This means there's opportunity for cybercriminals to attack an application that's not kept up to date to determine where its security vulnerabilities lie. It's critical for companies to maintain or increase their testing windows during down economic periods as cyber activities tend to trend up.

*   **Risk assessments:** When developing or enhancing applications, there are often company-created custom features and functionalities as well as those they integrated through a third party. Features and functionalities like this can include payments (Apple Pay, Google Pay, Stripe, PayPal, etc.), access (Facebook or Google login, etc.), biometrics, and more. As with vulnerability and penetration testing, companies must conduct regular risk assessments that include any third-party additions with which they work or integrate. The vulnerabilities inherent to these third parties have the potential to become issues for their business, too.

*   **Privacy protection:** Applications, especially those that are geared toward consumers as the end users, are particularly vulnerable to cyberattacks. Companies must continue to implement the processes and protocols that ensure the safety and encryption of user information.

*   **Bug bounty programs:** Historically, many technology companies or companies that offer applications and software host bug bounty programs that help to identify bugs or flaws. It's important for companies to continue investing in these types of programs that offer compensation to developers for their detections because, as mentioned earlier, flaws and bugs open a window for cybercriminals to exploit applications.

**Keep Priorities in Sight**

As companies look ahead and the economy continues to change, it's important they don't lose sight of their priorities. Yes, it's important to continue to find new revenue streams through applications to keep companies profitable. However, that doesn't have to come at the expense of application security.

Application Security Must Be Nonnegotiable

KnowBe4 partners with the Center for Cyber Safety and Education to support Black Americans in recognition of Black History Month to help further education.

**TAMPA BAY, Fla., Feb. 1, 2023 /PRNewswire-PRWeb/ —** KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced it has partnered with the Center for Cyber Safety and Education yo launch the KnowBe4 Scholarship for Black Americans for the fourth consecutive year.

The recipient of this award will receive a $10,000 scholarship on behalf of KnowBe4. This is a one-time award and students may reapply each year in the future to be considered for another scholarship. Applicants will be scored in three categories: passion, merit and financial need. The application period is now open and will close on April 17, 2023 at 11:59 p.m. EST.

"KnowBe4 is honored to commemorate the beginning of Black History Month with the launch of the 2023 Black Americans in Cybersecurity Scholarship," said Kelly Barrena, VP of global talent brand and outreach, KnowBe4. "We are passionate in our efforts to diversify the cybersecurity industry and to provide this opportunity to a student who is equally as passionate about the field. KnowBe4 looks forward to learning more about the applicants and selecting a deserving recipient."

For more information on and to apply for the KnowBe4 Scholarship for Black Americans administered by the Center for Cyber Safety and Education, visit https://www.iamcybersafe.org/s/knowbe4-black-americans-scholarship.

**About KnowBe4**

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 56,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist, and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

**About the Center for Cyber Safety and Education**

The Center for Cyber Safety and Education (Center) is a non-profit charitable trust of (ISC)2 committed to making the cyber world a safer place for everyone. The Center works to ensure that people worldwide have a positive and safe experience online through award-winning educational programs, scholarships, and research. Visit http://www.IAmCyberSafe.org to learn more.

KnowBe4 to Offer $10,000 to Black Americans in Cybersecurity Scholarship

Study also reveals enterprises rely on multiple tools to ensure cloud security.

**DEL VALLE, Texas — (****BUSINESS WIRE****) —** ManageEngine, the enterprise IT management division of Zoho Corporation, today announced results from its new study, Cloud Security Outlook 2023. The study found that enterprises have a limited number of analysts running their security operations centers (SOCs) and are deploying multiple tools in an attempt to address their cloud security challenges.

According to Gartner, 85% of organizations will embrace cloud-first strategies by 2025. ManageEngine’s study has also revealed a surge in cloud adoption, with 72% of respondents using multi-cloud applications and another 5% using hybrid cloud systems. The adoption rate will further increase in 2023 and 2024 because 23% of respondents are planning to move to the cloud in the next 24 months.

Amid this situation, enterprises are forced to tackle numerous cloud security threats, including compromised accounts. Enterprises are hampered by short-staffed SOCs, which has led to concerns about their cloud security resiliency. As many as 77% of respondents stated that they only have three to five security analysts running their SOCs.

The ManageEngine study further revealed that enterprises are finding it increasingly difficult to gain visibility into cloud activities and comply with various stringent regulations. Nearly half (48%) of respondents find compliance with cybersecurity laws, especially those related to the cloud, to be highly challenging.

These factors are driving enterprises to adopt a consolidated security architecture that facilitates streamlined, efficient security operations. An overwhelming 97% of respondents will be evaluating a solution that provides all security functions in a single console in 2023.

“The adoption of CASBs and SIEM platforms helps enterprises ensure security and integrity. However, having different tool sets leads to a visibility gap and complicates cloud security management amid unpredictable threats," said Manikandan Thangaraj, vice president of ManageEngine. "Cyber resilience refers to the ability of an organization to ensure business continuity in the event of a cyberattack with the help of business processes and tools. Cloud security resilience, therefore, requires enterprises to have visibility, enhanced policy enforcement, infection isolation and impact neutralization from a unified security architecture."

The findings of the survey indicate that:

*   **A lack of staffing and orchestration makes the security process complicated.**
    *   Most respondents (84%) stated they either have fewer than five security analysts or don't have dedicated analysts at all to run their SOCs.
    *   94% of respondents use different security tools to protect data, monitor user access, adhere to compliance mandates and gain visibility into cloud platforms.

*   **The three most common and impactful cloud security threats are identity-based.**
    *   The IT professionals surveyed stated that cloud account compromise is the most common and impactful cloud security threat (35%), followed by external cloud account exploits (23%) and unauthorized access and account compromise by insiders (14%).

*   **Compliance proves to be challenging for enterprises.**
    *   About half (48%) of those who monitor their cloud access or have hybrid cloud systems deployed said that the process of ensuring compliance is highly challenging. Another 37% acknowledged that it is tough, but manageable.
    *   Only 16% of respondents said that they are all sorted when it comes to compliance with cybersecurity laws, especially those related to the cloud.

Visit ManageEngine's website to access the entire _Cloud Security Outlook 2023_ report at https://mnge.it/T8E.

**Survey Methodology**  

ManageEngine commissioned Censuswide, an independent market research agency, to study the cloud landscape and the market demand for cloud security tools. Around 500 IT professionals in the US were surveyed, spanning various industries, including healthcare, financial services, manufacturing and government.

**About ManageEngine**  

ManageEngine is the enterprise IT management division of Zoho Corporation. Established and emerging enterprises—including 9 of every 10 Fortune 100 organizations—rely on ManageEngine's real-time IT management tools to ensure optimal performance of their IT infrastructure, including networks, servers, applications, endpoints and more. ManageEngine has offices worldwide, including the United States, the United Arab Emirates, the Netherlands, India, Colombia, Mexico, Brazil, Singapore, Japan, China and Australia, as well as 200+ global partners to help organizations tightly align their business and IT. For more information, please visit manageengine.com, follow the company blog and get connected on LinkedIn, Facebook and Twitter.

ManageEngine Study Finds United States Enterprises Hit by Short-Staffed Security Operations Centers

Google Fi mobile customers have been alerted that their SIM card serial numbers, phone numbers, and other data were exposed in T-Mobile hack.

Google Fi has sent an email to customers to disclose that their account data was included in the more than 37 million customer records stolen from T-Mobile in November 2022.

Google Fi is a wireless plan that runs much of its service over T-Mobile networks.

Details on Google Fi customers, including phone number, SIM serial card number, and service plan details were among the stolen T-Mobile data. 

Google added in its email that the compromised information didn't contain "your name, date of birth, email address, payment card information, Social Security or tax IDs, driver's license or other form of government ID, or financial account information, passwords or PINs that you may use for Google Fi or the contents of any SMS messages or calls."

However, Lior Yaari, CEO and co-founder of Grip Security, noted that potential cyberattackers can still do a lot of damage via SIM-swapping, by having access to the users’ phone numbers and SIM serial card numbers.

"At minimum, affected customers should consider changing out their SIM card to protect themselves," he said via email. "Once the hackers take over your phone number, they can use it for illicit purposes, or even bypass two-factor authentication that uses SMS."

Google Fi has not noted how many customers are affected. 

"Given the serious nature and impact of the breach, it’s surprising that Google has not disclosed the number of customers impacted, like what we have seen in other major breaches," Yaari said. Google did not immediately return a request for comment.

The latest T-Mobile data breach marks the second in two years for the mobile carrier.

Source

DARKReading