Recent cyberattacks against SMBs across Europe have been traced back to copycat groups using leaked LockBit locker malware.

A recent spate of cyberattacks against small to midsize businesses (SMBs) across Northern Europe was initially believed to be the handiwork of LockBit, but following further investigation, it turns out that a copycat group is using leaked LockBit malware for campaigns of its own.

According reports from Belgium's Computerland publication, the "wannabes," while not as sophisticated as the LockBit operators themselves, were able to encrypt the files of at least one organization. The LockBit impersonators were able to exploit an unpatched FortiGate firewall, researcher Pierluigi Paganini explained.

"Despite not being the true LockBit locker group, these micro-criminals were still able to cause significant damage by encrypting a large number of internal files," Paganini added. "However, the company was able to restore its network from backups and no client workstations were affected during the intrusions."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Poser Hackers Impersonate LockBit in SMB Cyberattacks

Demand for skilled professionals will remain high, but cyber budgets will be eaten away.

We've recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count further still. Yet the cybersecurity sector, thus far, has remained relatively unscathed with respect to cyber professionals (it’s a different story with vendors, which are subject to the mores of the market). The question is why, and will it continue to buck the trend?

Much of the reason why the security industry remains so buoyant is down to the fact that there simply isn't the fat to cut from security teams. Most businesses are struggling to recruit sufficient staff due to a widening skills gap — the ISC2 "2022 Cybersecurity Workforce Study" reports that while there is a global workforce of 4.7 million, the gap is almost as big at 3.4 million — and that means teams are often short-handed, leading to job creep, whereby staff have to take on extra responsibilities. "The State of Security 2022" report found that 76% of cybersecurity staff had to take on responsibilities they were not ready for in an attempt to fill the void. 

**Is My Job Safe?**

Yet despite professionals being in demand, the wider cybersecurity sector is beginning to feel the pain. Budgets themselves remain robust, with analyst houses such as Gartner predicting strong investment in cloud security, application security, and other information security software. But even if cybersecurity spending increases in 2023, it's being eroded by rising inflation and increasing solution/licensing costs, and the majority (70%) believe budgets will be cut or frozen this year, according to ESG Research.

So, what are the implications for the year ahead? First, cybersecurity talent will remain in short supply, while the annual shortfall, together with an exodus of talent, will see the gap widen, increasing demand still further. Jobs will, therefore, largely be safe, although this doesn't apply across the board.

The shortages are focused, with those with three to four years or more of experience most in demand, according to the Department for Digital, Culture, Media, and Sport, as well as those with experience in emerging or nascent technologies, such as cloud security, security operations center (SOC) analysts, and security admin and security architects, according to Fortinet's "2022 Cybersecurity Skills Gap" report. Those findings broadly tally with ISACA's "State of Cybersecurity 2022" report, which lists the top five skill sets as cloud computing, data protection, identity access management, incident response and DevSecOps. However, positions further down the hierarchy are likely to prove less recession-proof. 

**Investment in Tech**

Second, shrinking budgets could slow investment in automation, which many had hoped would alleviate the skills shortage and improve retention rate by providing security teams with some much-needed assistance. That's bad news for the industry, as it will stifle progress, but it could also see organizations become more exposed. The ISACA report found 69% of those businesses that suffered an attack last year were somewhat or significantly understaffed, and it's a problem that is turning out to be something of a self-fulfilling prophecy. Half of staff say they are much more likely to quit following a cyberattack, and job candidates are far less likely to want to work for a business that has suffered from cyberattacks, according to "The True Cost of Cyber."

However, the jury is still out on just how affected cyber spending will be. According to "The 2023 State of IT" report, cybersecurity is expected to increase its take out of IT budgets with respect to software (11%), hardware (7%), cloud (6%), and managed services (11%). Furthermore, the "2023 Global Tech Outlook" report found cybersecurity is now viewed as a higher-priority spend than innovation in digital transformation projects. IT security (44%) came out top as a spending priority for the next 12 months, followed by cloud infrastructure (36%) and IT/cloud management (35%).

**Wage Walkouts**

Third, we're unlikely to see salaries continue to escalate as they did pre- and post-pandemic, when some salaries experienced double-digit percentage growth. The Harvey Nash Hot Skills & Salary Report found that certain cybersecurity roles have plateaued, with 67% not receiving a pay rise. Realistically, this will make retention more difficult, and businesses are going to have to work to hang on to their hard-won talent (60% of businesses have already had staff poached, according to ISACA). That said, with the market contracting, some cybersecurity professionals may opt for job security over salary.

It looks unlikely that the cybersecurity sector will escape entirely the ravages of the recession. Demand for skilled professionals will remain high, but with cyber budgets being eaten away, there will be less cash to go round, forcing businesses to prioritize. In a bid to do more with less, workloads are likely to go up, in turn increasing staff turnover, jeopardizing business continuity. That means the one certainty we do seem to have is that businesses will be understaffed — and overexposed.

Will Cybersecurity Remain Recession-Proof in 2023?

To meet a pressing demand for industrial and OT security, zero-trust, device-level cybersecurity provider expands with strategic hires in new and established markets.

**Hod Hasharon, Israel – January 31, 2023 —** NanoLock Security, a leading provider of zero-trust, device-level cybersecurity for OT systems, accelerates its expansion into European and North American markets and announces new strategic leadership hires. The move comes in response to the growing demand for Industrial and OT security as a result of major geo-political events, as well as the latest regulations calling for a zero-trust device-level approach. The new hires will boost NanoLock's sales, marketing, product, and business development growth, dominating the market of protection for connected devices and machines against outsiders, insiders, supply chain attacks, and human error.

"In response to market changes and the latest regulatory developments in the US, requiring zero-trust, device-level protection for connected manufacturing machinery and industrial devices, NanoLock is proud to announce a roster of strategic hires - all distinguished experts - in several countries," said Eran Fine, the CEO and Co-Founder of NanoLock. "As the first and only solution currently addressing this need, we are committed to meeting the demand and expanding our reach to more customers around the world." 

**Growing Demand Requires A Growing Team**

To drive further engagement with strategic partners, distributors, global system integrators, as well as manufacturing companies and utilities, NanoLock has promoted David Stroud to Chief Revenue Officer and tasked him with building a global sales team with deep experience protecting OT systems. Stroud is an industry-recognized leader who served as GM & COO in the energy and metering sector.

The company has also hired Moty Kanias (Col, IDF) as Vice President of Cyber Strategy and Alliances to support their growing network of partners. Formerly a colonel in the Israeli Defense Forces, where he was most recently the Commander of Information Operation Center and the Head of Counter-Intelligence Research, Kanias elevates NanoLock’s ability to protect partners’ vulnerable systems thanks to his extensive counter-intelligence background and international cyber policy experience. 

Responsible for the development of the new generation of IIoT and OT product lines, Helen Bravo joins NanoLock as the VP of Product. Bravo has 25 years of success building and launching cyber security protection products and managing product management processes at cyber companies like Checkmarx Security, DocAuthority, and Israel Cloud Computing Association.   

NanoLock has brought on Tamar Milstein as Chief Marketing Officer (CMO) to lead an expanded marketing program. With over 20 years of experience in B2B marketing in cybersecurity, fintech, and IT sectors, Milstein will lead marketing strategies that will drive awareness and generate demand for NanoLock’s unique solution.

For more information on NanoLock, its expanding global network of customers, manufacturing partners, and distributors, and its unique device-level OT cyber protection solution, visit www.nanolocksec.com.

NanoLock Addresses Global Industrial & OT Cyber Demand with Expansions into Europe and North America

SysKit report highlighting effects of digital transformation on IT admins and governance landscape released.

**CAMBRIDGE, England****,** **Jan. 31, 2023** **/PRNewswire/ —** SysKit, a SaaS software company, has published a report on the effects of digital transformation on IT admins and the current governance landscape. The survey found that 40% of companies experienced a data leak in the previous year, which can have severe consequences on an organization's efficiency and result in large fines, downtime, and loss of business-critical certifications and customers.

Improper implementation of zero trust and full trust approaches can lead to data leaks. Despite their drawbacks, 50% of respondents consider the full trust approach to governance optimal, and 68% believe the zero trust approach limits collaboration capabilities.

"We believe both approaches have disadvantages. Organizations lose amazing collaboration features with zero trust, and with full trust, you give up visibility and control over resources in the environment. That's why we developed a product for Microsoft 365 tenants that cancels out the negative sides of both approaches," said Toni Frankola, CEO of SysKit.

The research, conducted in November, surveyed 205 US IT professionals responsible for managing organizations' IT environments, and accurately represents the targeted population.

The survey also found that most IT admins (82%) believe non-tech employees who are resource owners should be more involved in data reviews and care of their team's workspaces. However, when asked about their specific IT governance skills, half of the respondents reported non-tech employees don't know how to apply external sharing policies properly, 56% consider they don't know how to apply provisioning policies, and 30% report their colleagues are not taking care of their inactive content. This lack of skills can lead to data leaks, uncontrolled workspace sprawl, and additional storage costs.

The survey also found that the biggest challenges today for IT admins are a lack of understanding from superiors, huge workloads, and misalignment of IT and business strategies. Due to the complex IT changes companies faced during the accelerated digital transformation in the past two years, 70% of respondents felt burnout symptoms. Frankola commented on how to decrease IT admins' workload and limit security risks: "My advice would be to implement simple and intuitive tools that support delegating tasks and increase visibility. It's important to include all employees in executing governance policies. This way, companies can prevent certain cybersecurity risks and improve business efficiency".

**About SysKit:**

SysKit specializes in developing a data management and governance SaaS platform for Microsoft 365 environments. Through constant customer dialogue, SysKit addresses numerous challenges IT professionals and business users face daily. Gartner recently identified them as a representative vendor in their Market Guide for SaaS Management Platforms. SysKit Point is available for a free trial.

New Survey Reveals 40% of Companies Experienced a Data Leak in the Past Year

Mentoring, scholarships, and professional development opportunities will be offered to those underrepresented in the industry through the collaboration.

**BOSTON****,** **Jan. 31, 2023** **/PRNewswire/ —** Aura, the leader in intelligent safety for consumers, today announced a partnership with nonprofit Cyversity, in an effort to increase representation and opportunity for underrepresented talent in the cybersecurity workforce. Aura's sponsorship of the organization will include a substantial charitable donation and contribution to Cyversity's scholarship fund, education for Cyversity members around the importance of consumer cybersecurity, and mentorship from Aura Chief Information Security Officer (CISO) J.R. Tietsort. 

"As leaders in the cybersecurity space at Aura, we have a responsibility to support and nurture the next generation of information security innovators," said J.R. Tietsort, Aura Chief Information Security Officer. "Mentorship played a crucial role in my career growth, aspirations and success, and I am honored to share my expertise and continue evolving our collective growth."

Aura's mission is to create a safer internet for everyone, which requires a workforce that more closely represents and can better serve the needs of our increasingly diverse world. According to a 2021 Aspen Institute report, women (24%), Hispanic (4%) and Black (9%) individuals make up a small portion of cybersecurity workers. These statistics reflect the need for a major cultural shift in how industry leaders prioritize shaping and nurturing a diverse future workforce. Aura is committed to leading this evolution through education, innovation and inclusion initiatives in partnership with trusted organizations and advocates.

"As we strive to lead the industry and proactively protect families from all backgrounds with innovative intelligent safety tools, it is imperative that we build teams that represent and deeply understand many diverse perspectives and lived experiences," said Aura Founder and CEO Hari Ravichandran.

Volunteering and giving back has been a pillar of Aura's company culture since its founding. This partnership will expand these types of opportunities available to Aura employees, as well as offer resources and guidance to the company around bolstering diversity, equity and inclusion (DEI) in hiring, recruitment and retention initiatives. 

"Aura's mission is strongly aligned with Cyversity's goal of achieving consistent representation of women and underrepresented minorities in the cybersecurity industry," said Cyversity Executive Director, Beverly Benson. "This partnership with Aura supports Cyversity in our goal of closing the great cyber divide and further expands access to professional opportunities in the consumer cybersecurity space."

The Cyversity partnership builds upon Aura's existing DEI initiatives, including existing collaborations with Code2College and Howard University. The existing collaborations bring professional development opportunities and expertise to diverse high school students pursuing STEM careers, as well as a STEM Scholarship for an exceptional computer science student at one of the nation's oldest historically Black colleges and universities (HBCUs). The 2022-founded Aura Innovation Fund is another way the company drives greater inclusivity, through investments in companies led by underrepresented founders or those tackling challenges faced by communities vulnerable to cybercrime.

**About Aura**

Aura, the leader in intelligent safety solutions, provides all-in-one digital protection for consumers. We understand that the online safety needs of each individual are unique and require a personalized solution. By bringing together security, privacy and parental controls on an intelligent platform, Aura makes adaptive and proactive digital safety accessible to everyone. Visit www.aura.com

.

**About Cyversity**

Cyversity was created as a 501(c)3 non-profit association dedicated to the academic and professional success of minority cybersecurity students and professionals. Cyversity tackles the 'great cyber divide' with scholarship opportunities, diverse workforce development, innovative outreach, and mentoring programs.

Aura and Nonprofit Cyversity Partner to Support a More Inclusive Cyber Workforce

Standard Investments leads round with participation from Munich Re Ventures, Moore Strategic Ventures, Bessemer Venture Partners, and Zeev Ventures.

**NEW YORK** **and** **TEL AVIV, Israel****,** **Jan. 31, 2023** **/PRNewswire/** — Sentra, a cloud data security  company, today announced the completion of a $30 million Series A funding round led by Standard Investments with participation from Munich Re Ventures (MRV), Moore Strategic Ventures_,_ Xerox Ventures and INT3 as well as existing investors Bessemer Venture Partners and Zeev Ventures. The new financing, secured just 18 months after the company was founded, brings the total capital raised to over $53 million. The company also announced that Standard Investments' Peter Marturano, technology sector head, and MRV's Oshri Kaplan, managing director, will be joining its Board of Directors.

Sentra enables security teams to gain full visibility and control of cloud data, as well as protect against sensitive data breaches across the entire public cloud stack. This funding will enable Sentra to increase its market presence, invest in its technology and partner ecosystem and, grow its team to meet the accelerating demand of Sentra's cloud-native data security solution around the globe.

"With the growing complexity of securing information in today's data-driven economy, Sentra's experienced leadership team and impressive product innovation engine make them extremely well-positioned to address this urgent need at scale," said Yaron Ben David, chief digital officer, Standard Industries. "We look forward to working with the Sentra team as they execute on the company's mission to enhance data security for cloud-driven organizations around the world."

"In the 18 months since its founding, Sentra's clear vision and operational efficiency have quickly translated into real value for customers, making its security solution critical to the modern cloud data stack," said Amit Karp, partner at Bessemer Venture Partners. "The need for Sentra's solution is going to continue to grow as organizations further embrace digital transformation. As a long-time investor, we have the utmost trust in Sentra's team to meet these challenges and lead the cloud data security space." 

**Raising the Bar for Data Security in the Cloud**

By 2025, Gartner estimates that over 95% of new digital workloads will be deployed on cloud-native platforms, up from 30% in 2021. Data overload and the adoption of cloud infrastructures have transformed the way engineers and applications interact with data, which often leads to moving, duplicating, or changing sensitive data assets. The majority of business leaders simply do not know where their organization's sensitive data is, and the growth of the data attack surface leads to more sensitive data being exposed or leaked. Sentra allows businesses to regain control over their data vulnerabilities and shrink the data attack surface by finding all cloud data, classifying it according to sensitivity, and then offering actionable remediation plans for data security teams.

"As we help our customers understand and protect petabytes of data, this capital will help us accelerate our plans to enable organizations to get the most out of their data by keeping it secured at all times," said Yoav Regev, co-founder and CEO of Sentra. "This is just the beginning for Sentra. I am extremely proud of what our team has accomplished to date and look forward to achieving our shared goals in 2023 and beyond."

**Fortifying Sentra's Board**

The addition of Marturano and Kaplan brings tremendous value and industry expertise to Sentra's Board of Directors. Marturano leads Standard Investments' efforts in the technology, media, and telecommunications sectors across both later-stage private and public markets. Serving as one of the lead investors across the cyber and insurtech sectors at MRV, Kaplan has worked with numerous early stage companies in the boardroom, and has helped them scale through partnerships and high-value growth initiatives.

Created and led by experienced entrepreneurs and veteran leaders of the Israel Defense Forces' Unit 8200, Sentra is a member of the Cloud Security Alliance and was recognized last year by Gartner as a Sample Vendor for Data Security Posture Management in the Hype Cycle™ report for Data Security 2022. For more information, please visit the website, read the company blog or follow on LinkedIn.

**About Sentra**

Sentra is a data security platform that helps organizations discover and remediate the top data security risks in their public environments. Sentra automatically detects if sensitive data is vulnerable due to misconfigurations, over-permissions, unauthorized access, data duplication or other security issues. The company was founded in 2021 and is co-headquartered in New York City and Tel Aviv. For more information, please visit www.sentra.io.

Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud

Three mindset shifts will help employees build a habit of vigilance and make better security decisions. Move past security theater to reframe thinking so employees understand data's value, act with intention, and follow data best practices.

A confused marketing team member nervously buys $1,000 worth of Amazon gift cards after receiving purchasing instructions via text from the "boss." The entire sales team mindlessly accepts cookies while visiting competitor websites and skips through privacy disclosures when downloading new apps to gather business intel. Your phone vibrates, and it's a client. They're demanding to know why sensitive customer information is in an unsecured Google Doc.

These panic-inducing scenarios are familiar to most modern IT and security leaders and share something in common. Each hypothetical breakdown is the result of employees — and the digital public as a whole — being lulled into a false sense of security regarding their online behaviors.

While IT and security leaders are aware of the accelerating landscape of digital threats, employees are less prepared, creating a risk for every organization.

**Security Theater Distracts From Steady Improvements**

We've seen the introduction of major privacy legislation to curb the rise in digital threats, which I fully support. However, sweeping laws like GDPR and regulations established stateside have had an effect or outcome more as security theater than as actual protections.

What's security theater? It's a set of rules or guidelines that offer the appearance of security but don't guarantee it. Users aren't blameless, either. Security theater can also occur when consumers grow apathetic about well-intentioned protections. For example, while cookie notifications demonstrate transparency about how and where websites track and use customer data, does anyone read the full privacy statements? Do users understand the consequences of what they click? Or are they too inundated with notifications to notice?

Until digital literacy and safety standards become mandatory in school curricula, the best way to ensure your employees are well-versed in the risks of their online actions is reframing thinking through improved security training and education.

As a technology leader, you know each employee is an endpoint capable of inviting risk into the organization. But that also means employees can become safeguards against threats, too — when adequately prepared and in the right headspace.

**Remove the Smoke and Mirrors**

In addition to mandatory and routine training and security tools, the best way to ensure employees are vigilant about potential risks is to help them reframe their online mindset while encouraging them to leverage critical thinking in evaluating and defending against internal and external threats. Helping employees develop a healthier understanding of what's at stake when they engage online — and the value of the information they interact with once there — can strengthen digital habits and build more mindful, proactive thinking when faced with a threat or even before one occurs.

Here are three mindset shifts to start with:

1.  **Understand data's fundamental value.** Employees — and most online consumers — don't give much thought before hitting "accept all" when encountering cookies. Similarly, users skim or even skip privacy notices on apps or when signing up for services. These behaviors can feel perfunctory because these types of security notifications are nonstop when we engage online — and because "accepting" doesn't often seem like the value exchange that it is. If you can help employees understand the value of their data, they're more likely to realize how precious every online decision is and think more critically before clicking and accepting. Considering that one in three US workers has little to no skills using digital devices, a significant missing component to more robust security is workplace digital literacy training that focuses on the specific threats faced by your organization and industry. 
2.  **Act with intention.** When people realize the value of their data, they're more vigilant and protective of it. But your employees should also feel encouraged to proactively ask questions about risks and formulate better ways to protect themselves. For example, your teams should have access to and familiarity with a standardized communication plan for when they receive phishing texts or emails. Instead of simply deleting these threats, all employees should screenshot communications, forward images to the department in charge of security, and immediately alert fellow team members of the text. A discerning eye for security threats is only the first step — next, your employees should feel prepared to handle suspicious activity when encountered.
3.  **Follow data best practices, no matter the context.** It's important to determine if your employees understand that customer data is sacred no matter how far removed from your actual clients. A good example of this concept comes from where I sit in legal tech. Our law firm customers deal daily with topics including divorce, bankruptcy, complex real-estate purchases, and more with their clients. Naturally, these legal proceedings cover a tremendous amount of personal, sensitive data stored on our platform. We take the protection of this information extremely seriously, knowing that a breach of this information cannot be undone and may ruin lives, and we work to improve our protective mechanisms. Protection against threats takes a team effort. As a result, we encourage our law firm clients to ensure that all their employees understand their role in protecting private information. We inform customers of security best practices — like using a password manager and enabling two-factor authentication, avoiding sending or sharing documents from unsecured accounts or devices, and putting contingency plans in place if sensitive client information is accidentally shared.

When employees understand how their day-to-day behaviors — no matter how small — can expose sensitive data, they're less likely to introduce risk in the first place. While you strive to train employees on how to protect data in every scenario, building a habit of vigilance reduces the amount of reactive problem-solving required in the first place.

Improving your employees' fundamental understanding and respect for the value of data shields your organization from digital threats. But without reinforcing this understanding through ongoing mindset shifts, the status quo and security theater of repetitive privacy notifications will make employees feel more complacent. With complacency comes risk — so, are your employees thinking critically about their online behaviors?

And are you thinking critically about it, too?

Are Your Employees Thinking Critically About Their Online Behaviors?

Since requirements differ for users who work both from home and in the office, policies — and underlying technology — must adapt.

The demand for remote work has only grown since the serious transition began almost three years ago. Organizations have seen the benefits of working remotely. Still, they have also been transitioning into much more of a hybrid work environment, where employees are allowed to work both from home and in the office, choosing the days they want to collaborate in person. Several companies have seen success in this hybrid work environment, having begun testing this new way of working since the fall of 2022.

The transition to a hybrid workforce has meant that security teams are on high alert, since they now have to protect the internal office network and secure connectivity from multiple locations their users are working. The looming fear of more outbreaks and recession has IT leaders considering robust solutions to protect their hybrid workforce in the longer term. The following are predictions for hybrid work in 2023.

**Return to the Office Will Demand Better Access**

Hybrid work is here to stay! Yes, yes, I know it's been said many times, but it really is. While this is the reality of the foreseeable future, employees demand a better user experience while working from the office and remote locations.

During the sudden switch to remote work, IT leaders turned to VPNs as an easy way to fix a short-term problem. However, given the current scenario of a long-term hybrid workforce, this strategy needs to be reconsidered. And that's what several organizations are doing as they find zero trust to be a more reliable and scalable solution. Having tested zero trust for remote employees, we fully expect zero trust to apply universally to remote and in-office users.

**Ransomware, Multifaceted Extortion Will Continue to Grow**

With the increase in locations of connectivity, so too is the attack surface growing. The number of exposed vulnerabilities has increased, and so has the risk. Hybrid work will increase the adoption of bring your own device (BYOD) in 2023. With the multitude of devices, we'll see the general attack surface expand with the potential for profound impact. Over the past couple of years, we have heard several cases of ransomware being introduced to company networks due to exploited VPN servers. These stories will continue to make headlines in 2023 as well. There needs to be an additional emphasis on security for the work-from-anywhere workforce and a fundamental change to how security teams look at securing the perimeter and resources.

**Final Nail In VPN Coffin**

Virtual private networks are old news. Traditional networks, VPNs, and DMZs use IP addresses and network locations to establish network connectivity for users. This architecture was built over 30 years ago to provide users access to data center applications, not modern cloud-based ones. In addition, VPNs are being used as a conduit for cyberattacks due to legacy architecture, and there is a need for continuous assessment to manage appliances. Finally, due to their slow connectivity, users complain about VPNs hampering their productivity. Users are looking for seamless, scalable, and secure access to applications in your data center or a public cloud without needing a VPN.

**Security Is Now a Shared Responsibility**

Networking and IT leaders have had to adopt new technologies and infrastructure to match the modern way of work. News surrounding security exploits in the recent past has forced increased attention to cyber-risks. Businesses globally are increasingly exposed, placing security teams under immense pressure. Security is now vital and will be a shared responsibility that spans from individuals to IT, supply chains, and the C-suite. 2023 will see an increase in the adoption of zero trust for the hybrid workforce to provide complete security from the users to the applications, no matter where they connect.

**Cloud Security Solutions At the Forefront**

Protecting users, data, and applications is integral to providing a secure hybrid work environment. We predict cloud security as the primary security solution as security appliances and hardware security solutions slowly fade away. Organizations will also look for platforms that offer a broader solution set to ensure they are secure and can justify their investment. Security service edge (SSE) is fast becoming a reliable solution for remote work, the cloud, secure edge computing, and digital transformation. Delivered as a unified cloud-centric platform, SSE enables organizations to break free from the challenges of traditional network security.

Read more _Partner Perspectives_ from Zscaler.

Predictions For Securing Today's Hybrid Workforce

The demand is unmistakeable and the business case is readily justified — it's time to implement zero trust.

It's been nearly three years since the business world was catapulted into remote work, yet many organizations are still grappling with making essential technology upgrades. They're looking to provide better security for hybrid working, along with digitized production infrastructure, while managing emerging dependencies on the Internet of Things, operational technology, and 5G cellular. Now, they're also contending with challenging economic conditions, supply chain uncertainty, changing business demands, and budget pressures in a macro economy.

To succeed in this new climate, organizations need the agility and efficiency enabled by the cloud along with the security to protect their valuable assets and data. That's why more businesses are discovering they must accelerate digital transformation and adopt zero-trust security to address today's complex business needs.

**Securing the Case For Zero-Trust Security**

Embracing zero-trust security as a part of any digital transformation strategy has profound impacts, from changing company culture to creating new business models where technology enables innovation, change, and growth. As such, IT and security leaders have a key opportunity to bridge the gap and join forces in educating decision makers on the wide-reaching benefits of zero-trust infrastructure.

The common divide between the different business teams can lead to many misunderstandings around the rationale of embarking on a journey of zero-trust transformation. For instance, executive leaders tend to see digital transformation as a technology issue, moving spending from infrastructure to cloud providers, rather than an integral part of the business strategy that enables their organization to forge new revenue models, increase productivity, and scale without limitation.

Security leaders may confuse a zero-trust initiative as just another digital transformation IT project they have to help support while overlooking the workload reduction impacts on their own day-to-day operations. The deeper value of implementing inline threat prevention and continuous policy enforcement from a zero-trust architecture shifts the primary strategy from detection to prevention, combined with continuous authentication and visibility to limit the impact of incidents and provides rich telemetry to improve response times.

For their part, IT leaders focused on driving the business tend to best understand that transformation is not only about migrating apps to the cloud, but about futureproofing the business so it has all the requirements needed to safely scale, grow, and effectively reach new goals. The majority of IT decision makers agree that secure cloud transformation is impossible with legacy network infrastructure and that zero trust has clear advantages over traditional firewalls and VPNs for securing remote access.

With all the financial, social, and operational pressures on organizations today, it is critical for business leaders to shift perspective and recognize that now is the time to join forces and embrace zero trust as a requirement for enabling our remote workforces, protecting against the most damaging types of cyber threats, and as a high-value growth and business impact driver capable of delivering the significant cost savings organizations need to thrive.

**Unlocking Value with Zero-Trust Architecture**

Disrupting decades of legacy security and networking principles, the concept of zero trust has evolved into a framework for critically securing our users, devices, applications, and data. IT and security leaders globally are waking up to this imperative to transform their legacy infrastructure as they face more complex business, access, data, and security challenges than ever before. Against a backdrop of rapid digital transformation, a disappearing network perimeter, and evolving threats, organizations turn to zero-trust architecture as the gold standard for reducing risk and enabling productivity in a remote, distributed, and cloud-enabled world.

A comprehensive zero-trust platform has the power to redesign business and organizational infrastructure requirements. It can become a business driver that provides the hybrid work support employees need to succeed, and enables complete agility with:

*   **Cyber protection**: a holistic approach to better risk reduction by stopping things before they ever get to the enterprise or the customer.
*   **Data protection**: ensure only verified users with appropriate permission can access policy-enforced applications.
*   **Zero-trust connectivity**: zero trust eliminates access to the company network and the lateral threat movement enabled by access to traditional routable networks.
*   **Digital user experience**: frustration-free access for increased productivity.

Zero-trust architecture brings solving major IT, workforce, and security business challenges within reach by driving greater innovation, supporting better collaboration, and preventing large-scale cyberattacks. On top of these benefits, the right solution will also help deliver significant cost savings. Heeding the call means recognizing that full zero-trust digital transformation is the missing link helping businesses empower and ready themselves today for whatever threats and technologies the future brings.

Read more _Partner Perspectives_ from Zscaler.

Unleash the Full Potential of Zero-Trust Security

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.

Sandworm, an advanced persistent threat (APT) group linked to Russia's foreign military intelligence agency GRU, has deployed a medley of five different wipers on systems belonging to Ukraine's national news agency Ukrinform. 

The attack was one of two recent wiper offensives from Sandworm in the country. The efforts are the latest indications that the use of destructive wiper malware is on the rise, as a popular weapon among Russian cyber-threat actors. The goal is to cause irrevocable damage to the operations of targeted organizations in Ukraine, as part of Russia's broader military objectives in the country.

**A Medley of Wipers**

According to Ukraine's Computer Emergency Response Team (CERT-UA), the Ukrinform attack was only partially successful and ended up not impacting operations at the news agency. But had the wipers worked as intended they would have erased and overwritten data on all the infected systems and essentially rendered them useless.

CERT-UA reported the attack publicly last Friday after Ukrinform asked it to investigate the incident on Jan. 17. In an advisory, CERT-CA identified the five wiper variants that Sandworm had installed on the news agency's systems as CaddyWiper, ZeroWipe, SDelete, AwfulShred, and BidSwipe. Of these, the first three targeted Windows systems, while AwfulShred and BidSwipe took aim at Linux and FreeBSD systems at Ukrinform. Interestingly, SDelete is a legitimate command line utility for securely deleting Windows files.

"It was found that the attackers made an unsuccessful attempt to disrupt the regular operation of users' computers using the CaddyWiper and ZeroWipe malicious programs, as well as the legitimate SDelete utility," a translated version of CERT-UAs advisory noted. "However, it was only partially successful, in particular, to several data storage systems."

**"SwiftSlicer" Wiper Comes to Light**

Separately, ESET disclosed another attack last week where the Sandworm group deployed a brand-new wiper dubbed SwiftSlicer in a highly targeted attack against an unidentified Ukrainian organization. In the attack, the Sandworm group distributed the malware via a group policy object, suggesting that the threat actor has already gained control of the victim's Active Directory environment, ESET said. CERT-UA had described Sandworm as employing the same tactic to try and deploy CaddyWiper on Ukrinform's systems.

Once executed, SwiftSlicer deletes shadow copies, recursively overwrites files in system and non-system drives, and then reboots the computer, ESET noted. "For overwriting it uses 4096 bytes length block filled with randomly generated byte(s)," the security vendor said.

Sandworm's use of disk wiper malware in its campaigns against Ukrainian organizations is one indication of the destructive power that threat actors perceive these tools as having. Sandworm is a well-known, state-backed threat actor that became infamous for its high-profile attacks on Ukraine's power infrastructure, with malware such as BlackEnergy, GreyEnergy, and, more recently, Industroyer.

Sandworm's rampant use of disk wipers in its new campaigns is consistent with a broader increase in threat actor use of such malware in both the weeks leading up to Russia's invasion of Ukraine, and in the months since then.

At a session during Black Hat Middle East & Africa last November, Max Kersten, a malware analust from Trellix, released details of an analysis he had conducted of disk wipers in the wild in the first half of 2022. The researcher's study identified more than 20 wiper families that threat actors had deployed during the period, many of them against targets in Ukraine. Some examples of the more prolific ones included wipers that masqueraded as ransomware, such as WhisperGate and HermeticWiper, and others such as IsaacWiper, RURansomw, and CaddyWiper.

The researcher's study showed that, from a functionality standpoint, disk wipers had evolved little since the "Shamoon" virus of more than a decade ago that destroyed thousands of systems at Saudi Aramco. The major reason is that attackers usually deploy wipers to sabotage and destroy systems and therefore have little need for building in the stealth and evasiveness required for other types of malware to be successful.

So far, threat actors have used disk wiping malware only relatively sparingly against organizations in the US, because their motivations have been typically different than those going after targets in Ukraine. Most attacks targeting organizations in US tend to be financially motivated, or involve a spying or cyber-espionage bent. However, that doesn't mean threat actors cannot launch the same kind of destructive attacks in the US if they choose too, analysts have cautioned.

Source

DARKReading