Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.

Pigeons are way smarter than most people realize, but who knew they were handy with a smartphone? Now it's time to have some fun: Come up with a witty cybersecurity-related caption for the cartoon, above. Our favorite will win a $25 Amazon gift card.

The contest ends on March 1, 2023. Here are four convenient ways to submit your ideas:

*   Email _\[email protected\]_ with the subject line "The Edge February 2023 Toon."
*   Via social media: Twitter, Facebook, and LinkedIn.

**Last Month's Winner**

Congratulations to recently retired advertising creative director Jeff Sawyer, who these days says he claims the title of VP/Lethargy and, now, Edge contest winner. Jeff's caption (below) for January's "Upside Down World" amused us all.

    

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Name That Edge Toon: For the Birds

Apply these nine tips to proactively fight fraudulent websites that use your brand to rip people off.

Brand impersonation is a particularly thorny problem for CISOs. Cybercriminals piggyback off a trusted brand to push scam lures through various means to onto unsuspecting customers. They could disguise themselves as part of the organization's IT team or someone familiar to trick employees into clicking on malicious links or send a message that looks like it is coming from a legitimate source to convince the recipient the contents are real.

Retailers, product creators, and service providers are increasingly having to deal with brand impersonation attacks. Mimecast’s "2022 State of Email Security Report" found that 90% of organizations experienced an impersonation attack over the previous 12 months. Further, the Mimecast "2021 State of Brand Protection Report" found that companies on the BrandZ Top 100 Most Valuable Global Brands 2020 list experienced a 381% rise in brand impersonation attacks over May and June of 2020 compared to before the pandemic. New domains suspected of brand impersonation also rose by 366%. These impersonation attacks include not only the typical phishing or malware attacks, but also fraud that sells or claims to sell products or services on behalf of the brand. These include fencing of stolen items, non-delivery scams, and counterfeit or grey market sales of product.

"\[Brand impersonation\] is a fraud problem and a security incident problem," says Josh Shaul, CEO of Allure Security. "People are stealing from you, and you're trying to prevent the theft."

Experts recommend that CISOs take a systematic and multidisciplinary approach to this problem. The right approach will not only require technology like automated detection, but also security leadership in helping business stakeholders to harden the brand on a number of fronts.

**1\. Engage in Trademark Basics**

Shaul says that a "shocking" number of companies don't go through the most basic actions of establishing and maintaining ownership of their brand's trademark. The most fundamental step for hardening a brand from online attacks is to cover the basics like registering trademarks, logos, and unique product images, as well as keeping trademarks up-to-date.

"Once you lose control of the trademark, somebody else might register your trademark," he says. "It's a real problem for you. You can't enforce it if you don't own it, so you've got to start there."

**2\. Take Ownership of Online Landscape**

From there, the other basic component companies need to think about is taking ownership of a brand's online landscape. This means not only picking up as many potentially relevant domain names as possible for the brand, but also setting up a footprint on all possible social media channels, Shaul says.

"A lot of companies are like, 'Hey, we do social media, but we don't do TikTok,' or 'We don't do Instagram,' and therefore they don't set up a presence there," he says. "If you don't set up a presence for your brand on a major social platform, there's nothing stopping somebody else from setting up a presence for your brand on that major social platform. Then you've got to try to recover it, which is kind of a nightmare. Just planting the flag is important."

**3\. Monitor Domains**

Organizations should not only be watching and monitoring the domains they own, but also their domain ecosystem, says Ihab Shraim, CTO of CSC Digital Brand Services.

"This means understanding the types of domains that are being registered around them because it’s a multidimensional cyber threat," he says.

As he explains, often larger enterprises manage thousands of domains, which can make it difficult to keep tabs on and effectively manage the entire portfolio.

"Companies need to devise policies and procedures to monitor and mitigate threats associated with all their domains as an integral part of their security posture," Shraim says. He explains that they should be continuously monitoring their domains and also digital channels within search engines, marketplaces, mobile apps, social media, and email to look out not only for phishing and malware campaigns but also brand abuse, infringements, and counterfeit selling on digital channels. "It is crucial for companies to understand how their brands are operating on the Internet."

**4\. Leverage Threat Intel**

Doug Saylors, partner and co-lead of cybersecurity for global technology research and advisory firm ISG, believes that organizations should leverage threat intelligence to help them with the adjacent domains and also the tricky tactics, techniques, and procedures used by bad actors in their impersonation attacks.

"Organizations need to invest in threat intelligence platforms that will help identify the use of fake domains, phishing campaigns, and other technologies to defeat the TTPs \[tactics, techniques, and procedures\] used to enable brand impersonation," he says.

**5\. Consider Full-Cycle Brand Protection**

Saylors is also a big believer in full-cycle brand protection. He recommends companies consider these services — not just for their detection capabilities but also their expertise in mitigation.

"They should engage the services of specialty firms that deal with the full lifecycle of brand protection to ensure scalability and absolute focus on reducing fraudulent activity," he says. "These firms have advanced capability to identify fake sites, catalogs, and catalog entries and remove them through industrial-strength takedown procedures."

As organizations evaluate online brand protection companies, they've got to keep in mind that this is another cat-and-mouse game detection category, where mileage may vary based on technology and how well companies keep up with evasive behavior from the attackers.

For example, when attackers found that their scams were being discovered through image processing and logo detection, they began with simple evasive techniques like changing the image file format and then evolved to use multiple nested images and text in a single collapsed image to trip up detection, says Shaul.

"So now, unless you can compare sections of an image, which is a super hard technical problem that some of us have solved, you can't detect these things anymore," he says. "They just bypass the evolving detections that organizations are putting out there."

Another new tactic they've taken is creating generic fake shops and evolving them into branded shops over time, he says.

"The scammers are working hard to understand how detection is evolving in the industry, and doing things to try to evade detection as aggressively as they can," he says.

**6\. Use Incident Responders Judiciously**

Incident responders hate handling the mitigation of brand impersonation because it is a different skillset than a lot of analysts who get into the field for fun investigative work and not to chase down registrars to do takedowns, says Shaul. Even if a company can make it fun for their responders, they have got to be careful that they're using their specialized responders in a cost-effective way.

He likes to tell the story of a banking customer that had been putting this on their IR team, who turned it into a fun exercise by breaking into phishing sites that were targeting the company's brand and doing a lot of offensive security work.

"The IR guys were having a ball with it, but they realized, 'Look how much time we're spending basically just playing games with the attackers,'" he says. "They had their best people doing hard work to just clean up after scams that already happened."

He suggests that by knowing in advance that response to these sites takes a different skillset than advanced analysts have, this might be a way to break in new security ops personnel and give early-career responders some experience through a planned career path that starts with impersonation takedowns.

**7\. Proactively Build Law Enforcement Relationships**

Additionally, organizations should understand that they're likely going to need to help from the authorities in many of these cases. Saylors says that CISOs should be working to proactively build partnerships with law enforcement agencies and other relevant government authorities around the globe.

"They should also have direct relationships with law enforcement organizations that will pursue and prosecute the criminals responsible for brand theft and the resulting revenue loss to legitimate companies," he says.

**8\. Educate Consumers and Employees**

Frequent and detailed awareness campaigns for customers about what brand impersonation looks like compared to the real deal can go a long way toward curbing their risk of falling for common frauds.

"Organizations, other than large banks, tend to fail in this area due to concerns about scaring their customers away," he says. But actually, awareness campaigns like this can bring customers closer to the brand when they're done right. Here's a great example of what an awareness site can look like. This is a detailed fraud awareness article put together by Burton Snowboards that provides examples of fake Burton scam sites, with clues for their customers to look for in detecting a scam and some additional pointers. Communications like these can be used as a technique to not only build trust and goodwill among customers, but also build up the brand.

**9\. Differentiate Your Brand**

One final thing that CISOs can encourage their organizations to do is to find ways to ensure all of their sites, pages, and experiences are visually and contextually recognizable as part of the brand. This is an opportunity for collaboration with the marketing department. Not only can customers recognize distinctive brands more easily, but it's also a lot easier for automated detection searches to automatically find impersonated images and logos out in the wild, says Shaul.

"Ensure there's something a little bit different about your brand that makes it so that your customers and even your employees can recognize it. That's great for marketing but also helps security in a big way," he says. "The more your brand has differentiated itself with the way it looks, the way it feels, the way it's set — with little things like how your VPN looks — and the easier it is to protect the brand."

What CISOs Can Do About Brand Impersonation Scam Sites

The January attack was in retaliation for the satirical French magazine's decision to launch a cartoon contest to lampoon Iran's Supreme Leader.

A recent attack where a threat group calling itself "Holy Souls" accessed a database belonging to satirical French magazine Charlie Hebdo and threatened to dox more than 200,000 of its subscribers was the work of Iranian state-actor Neptunium, Microsoft said on Feb. 3.

The attack appears to have been a response by the Iranian government to a cartoon contest that Charlie Hebdo announced in December, where the magazine invited readers from around the world to submit caricatures "ridiculing" Iran's Supreme Leader Ali Khamenei. Results of the contest were to be published on Jan. 7, the eighth anniversary of a deadly 2015 terror attack on Charlie Hebdo — in retaliation for publishing cartoons of Prophet Mohammed — that left 12 of its staffers dead.

**Doxing Could Have Put Subscribers at Risk of Physical Targeting**

Microsoft said it determined Neptunium was responsible for the attack based on artifacts and intelligence that researchers from its Digital Threat Analysis Center (DTAC) had collected. The data showed that Neptunium timed its attack to coincide with the Iranian government's formal criticism of the cartoons, and its threats to retaliate against Charlie Hebdo for them in early January, Microsoft said.

Following the attack, Neptunium announced it had accessed personal information belonging to some 230,000 Charlie Hebdo subscribers, including their full names, phone numbers, postal addresses, email addresses, and financial information. The threat actor released a small sample of the data as proof of access and offered the full tranche to anybody willing to buy it for 20 Bitcoin — or about $340,000 at the time, Microsoft said. 

"This information, obtained by the Iranian actor, could put the magazine’s subscribers at risk of online or physical targeting by extremist organizations," the company assessed — a very real concern given that Charlie Hebdo fans have been targeted more than once outside of the 2015 incident.

Many of the actions that Neptunium took in executing the attack, and following it, were consistent with tactics, techniques, and procedures (TTPs) that other Iranian state actors have employed when carrying out influence operations, Microsoft said. This included the use of a hacktivist identity (Holy Souls) in claiming credit for the attack, the leaking of private data, and the use of fake — or "sockpuppet" — social media personas to amplify news of the attack on Charlie Hebdo.

For instance, following the attack, two social media accounts (one impersonating a senior French tech executive and the other an editor at Charlie Hebdo) began posting screenshots of the leaked information, Microsoft said. The company said its researchers observed other fake social media accounts tweeting news of the attack to media organizations, while others accused Charlie Hebdo of working on behalf of the French government.

**Iranian Influence Operations: A Familiar Threat**

Neptunium, which the US Department of Justice has been tracking as "Emennet Pasargad," is a threat actor associated with multiple cyber-enabled influence operations in recent years. It is one of many apparently state-backed threat actors working out of Iran that have heavily targeted US organizations in recent years.

Neptunium's campaigns include one where the threat actor attempted to influence the outcome of the US 2020 general elections by, among other things, stealing voter information, intimidating voters via email, and distributing a video about nonexisting vulnerabilities in voting systems. As part of the campaign, Neptunium actors masqueraded as members of the right-wing Proud Boys group, FBI's investigation of the group showed. In addition to its Iran government-backed influence operations, Neptunium is also associated with more traditional cyberattacks dating back to 2018 against news organizations, financial companies, government networks, telecommunications firms, and oil and petrochemical entities.

The FBI said that Emennet Pasargad is actually an Iran-based cybersecurity company working on behalf of the government there. In November 2021, a US grand jury in New York indicted two of its employees on a variety of charges, including computer intrusion, fraud, and voter intimidation. The US government has offered $10 million as reward for information leading to the capture and conviction of the two individuals.

**Neptunium's TTPs: Reconnaissance & Web Searches**

The FBI has described the group's MO as including first-stage reconnaissance on potential targets via Web searches, and then using the results to scan for vulnerable software that the targets could be using. 

"In some instances, the objective may have been to exploit a large number of networks/websites in a particular sector as opposed to a specific organization target," the FBI has noted. "In other situations, Emennet would also attempt to identify hosting/shared hosting services."

The FBI's analysis of the group's attacks shows that it has specific interest in webpages running PHP code, and externally accessible MySQL databases. Also of high interest to the group are WordPress plug-ins such as revslider and layerslider, and websites that run on Drupal, Apache Tomcat, Ckeditor, or Fckeditor, the FBI said. 

When attempting to break into a target network, Neptunium first verifies if the organization might be using default passwords for specific applications, and it tries to identify admin or login pages. 

"It should be assumed Emennet may attempt common plaintext passwords for any login sites they identify," the FBI said.

Iran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says

At least 1,200 Redis servers worldwide have been infected with "HeadCrab" cryptominers since 2021.

An unknown threat actor has been quietly mining Monero cryptocurrency on open source Redis servers around the world for years, using a custom-made malware variant that is virtually undetectable by agentless and conventional antivirus tools.

Since September 2021, the threat actor has compromised at least 1,200 Redis servers — that thousands of mostly smaller organizations use as a database or a cache — and taken complete control over them. Researchers from Aqua Nautilus, who spotted the campaign when an attack hit one of its honeypots, are tracking the malware as "HeadCrab."

**Sophisticated, Memory-Resident Malware**

In a blog post this week, the security vendor described HeadCrab as memory-resident malware that presents an ongoing threat to Internet-connected Redis servers. Many of these servers don't have authentication enabled by default because they are meant to run on secure, closed networks.

Aqua's analysis of HeadCrab showed that the malware is designed to take advantage of how Redis works when replicating and synchronizing data stored across multiple nodes within a Redis Cluster. The process involves a command that basically allows administrators to designate a server within a Redis Cluster as a "slave" to another "master" server within the cluster. Slave servers synchronize with the master server and perform a variety of actions, including downloading any modules that might be present on the master server. Redis modules are executable files that administrators can use to enhance the functionality of a Redis server.

Aqua's researchers found HeadCrab exploiting this process to load a cryptocurrency miner on Internet-exposed Redis systems. With the attack on its honeypot, the threat actor, for instance, used the legitimate SLAVEOF Redis command to designate the Aqua honeypot as the slave of an attacker-controlled master Redis server. The master server then initiated a synchronization process in which the threat actor downloaded a malicious Redis module containing the HeadCrab malware.

Asaf Eitani, security researcher at Aqua, says several features of HeadCrab suggest a high degree of sophistication and familiarity with Redis environments.

One big sign of that is the usage of the Redis module framework as a tool to perform malicious actions — in this case, downloading the malware. Also significant is the malware's use of the Redis API to communicate with an attacker-controlled command-and-control server (C2) hosted on what appeared to be a legitimate but compromised server, Eitani says. 

"The malware is specifically built for Redis servers, as it heavily relies on Redis Modules API usage to communicate with its operator," he notes.

HeadCrab implements sophisticated obfuscation features to remain hidden on compromised systems, executes more than 50 actions in a completely fileless fashion, and uses a dynamic loader to execute binaries and evade detection. "The threat actor is also modifying the normal behavior of the Redis service to obscure its presence and to prevent other threat actors from infecting the server by the same misconfiguration he used to gain execution," Eitani notes. "Overall, the malware is very complex and uses multiple methods to achieve an edge on defenders."

The malware is optimized for cryptomining and appears custom-designed for Redis servers. But it has built-in options to do a lot more, Eitani says. As examples, he points to HeadCrab's ability to steal SSH keys to infiltrate other servers and potentially steal data and also its ability to load a fileless kernel module to completely compromise a server's kernel.

Assaf Morag, threat lead analyst at Aqua, says the company has not been able to attribute the attacks to any known threat actor or group of actors. But he suggests that organizations using Redis servers should assume a full breach if they detect HeadCrab on their systems.

"Harden your environments by scanning your Redis configuration files, ensure the server requires authentication and doesn't allow "slaveof" commands if not necessary, and do not expose the server to the Internet if not necessary," Morag advises.

Morag says a Shodan search showed more than 42,000 Redis servers connected to the Internet. Of this, some 20,000 servers allowed some sort of access and can potentially be infected by a brute-force attack or vulnerability exploit, he says.

HeadCrab is the second Redis-targeted malware that Aqua has reported in recent months. In December, the security vendor discovered Redigo, a Redis backdoor written in the Go language. As with HeadCrab, Aqua discovered the malware when threat actors installed on a vulnerable Redis honeypot.

"In recent years, Redis servers have been targeted by attackers, often through misconfiguration and vulnerabilities," according to Aqua's blog post. "As Redis servers have become more popular, the frequency of attacks has increased."

Scores of Redis Servers Infested by Sophisticated Custom-Built Malware

The greatly expanding attack surface created by the cloud needs to be protected.

The challenges facing chief information security officers (CISOs) have evolved dramatically in the past decade. Today, they must align their security efforts — and budgets — with the business goals of their organization, which may range from maintaining customer confidence that their data is safe to protecting intellectual property from theft.

As a key member of the executive management team, CISOs often have board-level reporting responsibilities. They must manage a new and daunting level of technical complexity introduced by the cloud, where identities are virtually the first and last line of defense. And the job doesn't end there. To be successful, they must also put substantial effort into building a team with skills in a variety of disciplines, and choosing the right defensive technologies.

**The Technical Challenge**

The transition to remote or hybrid work models combined with accelerated cloud adoption has greatly expanded the attack surface CISOs must protect. Furthermore, they often have to deal with more than one cloud. The major providers — Amazon Web Services, Azure, and Google Cloud Platform — all have slightly different structures, procedures, requirements, and so on, all of which further increase the complexity of managing these sprawling architectures.

Data-center-oriented companies that have transitioned to the cloud obviously face a new set of security concerns that conventional firewalls were never designed to handle. Hence, the now commonly heard refrain "Identity is the new perimeter." This is certainly true. While firewalls and other network-based controls shouldn't be abandoned, CISOs need to focus on identity issues. The following three-step process can deliver results in this area quickly and efficiently.

*   **Rein in excess privileges****.** During a migration to the cloud, global privileges are often granted to everyone on the transition team. It's best to avoid this, but if it happens, privileges should be reviewed and limited after the transition. One good way to do this is to monitor which resources are being accessed by which individuals. If an individual isn't accessing a particular resource, the right to do so should be revoked.
*   **Correlate excess privileges and misconfigurations****.** Cloud misconfigurations are another serious risk. But when a privileged identity has access to a misconfigured cloud resource, the results can be disastrous. Fortunately, automated tools are now available to help detect misconfigurations, as well as excessive privileges, and remediate them to eliminate threats.
    
*   **Prioritize****.** There is never enough time or enough staff to correct every misconfiguration, so it's important to focus on those that are the greatest source of security risk. For example, remediating identity-based access threats to cloud storage buckets is critical for preventing data breaches. Monitoring for configuration errors that expose data through excessive, default, etc., permissions should be a top priority.

**The Human Challenge**

Securing cloud infrastructure demands unique skills, and finding qualified individuals to do the work is one of CISOs' biggest challenges. There are three key areas of competency that every cloud security team should possess:

*   **Architectural competence.** To assess an organization's security posture and create a road map for maturing it over time, security teams require a reference model. The CSA framework is an excellent resource, and there are several others available. Without a clear understanding of architectural concepts presented in industry standard security frameworks like CSA, it's difficult to reduce the cloud attack surface and easy to overlook blind spots.
*   **Cloud engineering.** The security team also needs to handle the day-to-day requirements of cloud security, which may include management, maintenance, and more. Competent cloud engineering is essential for "keeping the lights on" in the security sphere.
    
*   **Reactive capabilities.** Globally, cyberattacks occur at the rate of 30,000 per day. Every enterprise can expect incidents to occur on a regular basis, and security teams need specialists who can react quickly to limit — if not prevent — serious consequences.
    

The ideal makeup of a cloud security team spans network, cloud, and development specialists who can work collaboratively. The task of building a team with these capabilities is complicated by the fact that there is a shortage of 3.4 million cybersecurity workers at the moment.

One approach that works well as a supplement to hiring is development from within through training. This may occur in-house or through third-party certification programs. Also, in choosing vendors, organizations should favor those whose offerings include a strong training component. If possible, CISOs may find ways to get non-security employees to work on some security tasks.

Once assembled, one of the problems that any security team will encounter is dealing with multi-cloud architectures, which are becoming the norm. Very few individuals are familiar with the tools, nomenclature, and security model of all three major cloud platforms. For this reason, many companies are turning to cloud native technologies that understand the nuances associated with securing different cloud platforms and simplify security tasks for users that may lack specialized training in AWS, Azure, GCP, etc.

To sum up, the challenges facing today's CISOs are largely driven by the cloud, which creates a greatly expanded attack surface that needs to be protected. Meanwhile, mastering the management model and tools used by each cloud platform requires security expertise that is in extremely short supply. Solutions are available that provide the visibility and platform knowledge needed to help security teams implement best practices for protecting their cloud infrastructure, while helping them up-skill analysts in the process.

How the Cloud Is Shifting CISO Priorities

Engineers can use the Cyber Resiliency Engineering Framework Navigator to visuzalize their cyber resiliency capabilities.

Cyberattacks are on the rise and enterprise defenders are protecting an increasingly expanding and complex attack surface. For many organizations, the focus is shifting away from prevention to resilience — to maintain essential business functions during an attack and recover quickly without losing too much downtime. Towards that end, MITRE released the Cyber Resiliency Engineering Framework (CREF) Navigator, a free visualization tool for engineers designing cyber resilient systems.

The Navigator helps organizations customize their cyber resiliency goals, objectives, and techniques, as aligned by NIST SP 800-160, which outlines standards on developing cyber-resilient systems. MITRE integrated the MITRE ATT&CK techniques and mitigations into the Navigator tool to help engineers understand how the systems they are designing could be targeted.

Resiliency is something that is engineered into the system – it doesn't just happen. The CREF framework guides engineers along four key principles: Anticipate (informed preparedness), Withstand (continue business functions even while under attack), Recover (restore business functions after an attack), and Adapt (change to minimize impact of attack).

The tool makes it possible to search and visualize the cyber resiliency framework so that engineers can "make educated and informed choices," Shane Steiger, MITRE's principal cybersecurity engineer, said in a statement.

Companies are looking at cyber resilience as part of their strategy to prevent incidents and mitigate losses when they occur, according to Cisco's annual Security Outcomes Report: 96% of executives surveyed named security resilience as high priority. The report identified some actions that helped increase resilience:

*   Companies that reported implementing a mature zero trust model saw a 30% increase in resilience score compared to those that had none.
*   Having advanced extended detection and response capabilities correlated to a 45% increase in resilience score for organizations over those that report having no detection and response solutions.
*   Converging networking and security into a mature, cloud-delivered secure access services edge (SASE) increased resiliency scores by 27%.

Automated support for organizations interested in building stronger defenses for their critical infrastructure will be available in a future version, MITRE says. "We plan to keep evolving the Navigator as the discipline of cyber resiliency engineering matures," MITRE's Steiger said in a statement.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

MITRE Releases Tool to Design Cyber Resilient Systems

**LONDON, UK – 1 February 2023 –** Leading cybersecurity provider Hornetsecurity has today launched two new tools – the QR Code Analyzer and Secure Links - to combat growing cyber threats. These launches come in response to a rise in fake QR codes and the ongoing threat of phishing, which represents 40% of all cyber threats.   

Hornetsecurity has also released a new automated mailbox migration solution, which helps partners efficiently and securely deploy and operate Microsoft 365 in the cloud for their customers – and remain safe from cyberattacks. In addition, the cybersecurity specialist has simplified its partner program to enable partners to work on projects and MSP business equally and centrally.   

**QR code phishing**

Research from Hornetsecurity’s Security Lab has discovered that cybercriminals are using QR codes in emails to obtain confidential data. To counter this latest threat, Hornetsecurity is expanding its Advanced Threat Protection and 365 Total Protection Suite for Microsoft 365 with the launch of its QR Code Analyzer. This unique technology determines whether QR codes link to malicious sites when scanned.   

The launch of Hornetsecurity’s ‘Secure Links’ functionality will also help limit cyber-attacks, especially ransomware attempts. This new service runs all email links through a secure analyzer before enabling the recipient to safely open the link. Both new technologies provide businesses and their employees with extra reassurance that their email communications are safe.   

Hornetsecurity CEO, Daniel Hofmann, said: “Hornetsecurity is committed to pre-empting and responding to new cybersecurity threats and customer concerns. Phishing attacks and fake QR codes are on the increase, so we are pleased to launch unique technologies that will combat these ever-growing threats. The QR Code Analyzer and Secure Links tools will benefit businesses by fighting cybersecurity attacks in a safe, reliable and cost-effective way.”  

**Migrate mailboxes in a safe and efficient way**

In response to challenges that Hornetsecurity partners have faced in transferring mailboxes from on-prem to Microsoft 365 cloud, the cybersecurity specialist has developed the Mailbox Migration Tool. This new offering enables Hornetsecurity partners to automatically migrate customers securely, efficiently and with major time-savings – in turn, enabling them to provide peace of mind by offering full security for Microsoft 365 via 365 Total Protection.  

**New simplified partner program** 

Hornetsecurity has also created a new simplified partner program. The newly adjusted program aims to unify partner levels and includes both managed service (MSP) and project business. These updates make entry barriers negligible, so partners can provide Hornetsecurity's services with minimal effort and investment.  

Hornetsecurity COO, Daniel Blank added: “Hornetsecurity has listened to our partners’ needs, which has led to the launch of our efficient and safe Mailbox Migration Tool, at the same time as our new partner program is rolled out.  

“This launch package is just the start of what will be a busy 2023 for Hornetsecurity as we monitor, learn and respond to new sophisticated cyberattacks, and continue to keep our customers’ data safe from ever-present threats.”   

**Further information**

For more information on Hornetsecurity’s new cybersecurity tools, please visit Advanced Threat Protection and

Hornetsecurity Combats QR Code Phishing With Launch of New Technology

Denver-based business secures Series A Funding through partnerships with Iron Gate Capital and Kozo Keikaku Engineering.

**DENVER****,** **Feb. 2, 2023** **/PRNewswire/ --** KoreLock, an emerging IoT Smart Lock technology company, is pleased to announce funding to support the development and expansion of its Smart Lock technology and software platform. Private equity firm Iron Gate Capital and engineering firm Kozo Keikaku Engineering, Inc. have invested in the company alongside management.

KoreLock serves a vast market of lock manufacturers, specialty lock brands, and software companies looking to convert their existing offline locks into cloud-connected Smart Locks.

"KoreLock addresses the market need for OEM Smart Lock technology with wireless integration to access control software services," said Grant Walter, KoreLock President and CEO. "Traditional lock companies have tried to develop their own Smart Locks but abandoned these efforts lacking the capabilities to do it themselves."

KoreLock specializes in embedded printed circuit board solutions that help lock manufacturers overcome the complexities of developing connected Smart Locks, reduce costs, and shorten their overall time-to-market.

"KoreLock offers a unique access control solution for the lock manufacturing industry that fits well with our focus on early-growth stage B2B technology companies," said AJ Dye, Partner, Iron Gate Capital.

KoreLock's patent-protected technology is embedded in over 50,000 locking devices in 65+ countries and has been tested and proven for over a decade.

"KoreLock is well-positioned for accelerated growth, anchored by partnerships with industry-leading lock brands worldwide," added Walter. "We are investing meaningfully to expand our team, solutions, and customers." 

**About KoreLock** 

KoreLock, Inc. is an IoT technology company that provides turnkey embedded Smart Lock solutions that enable manufacturers of door locks or access control hardware to build and sell connected locking devices. Korelock, Inc. is a privately held company based in Denver, Colorado.

**About Iron Gate Capital**  

Iron Gate Capital, LLC is a nationally recognized deal-by-deal private equity firm investing in market leading "early growth" technology companies on behalf of over 60 families. Iron Gate Capital is based in Boulder, Colorado.

**About Kozo Keikaku Engineering, Inc. (KKE)**  

KKE is a professional design and engineering firm that acts as a bridge between the academic and business worlds. KKE strives to solve various issues and challenges that society faces, utilizing its engineering expertise acquired through knowledge exchanges in diverse fields. KKE is based in Tokyo, Japan.

SOURCE KoreLock, Inc.

Korelock Launches IOT Smart Lock Technology Company

The Russia-linked LockBit ransomware group claims to be behind the attack that fouled automated transactions for dozens of clients of financial technology firm ION Group.

A cyberattack on a subsidiary of a Dublin-based financial technology and trading firm ION Group has disrupted transactions for dozens of major clients in both Europe and the United States, impacting the market for exchange-traded derivatives, the firm and other sources stated this week.

The attack, reportedly carried out by the Russia-linked LockBit ransomware group, has resulted in the trading company isolating servers and taking them offline. The company's subsidiary ION Cleared Derivatives, which provides order management and execution services, acknowledged the "cybersecurity event" in a statement on Jan. 31.

"The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing," ION Cleared Derivatives said in a statement, adding that it would provide further updates as more information becomes available.

Derivatives are financial instruments whose value is tied to an underlying asset or a benchmark, such as the price of oil, portfolios of debt, or stocks. The four broad categories of derivatives are options, futures, swaps, and forwards, with massive sums traded every day. The value of assets traded as options and futures in North America, for example, totaled $30.1 trillion and $23.5 trillion, respectively, in the third quarter last year, according to the Bank for International Settlements.

The cyberattack on ION Cleared Derivatives has affected at least 42 of the company's clients, disrupting their processing of derivative trades, according to a Bloomberg News report. Several members of two large industry groups in the United States — the CME Group and Intercontinental Exchange — have also been impacted by the attack on the ION Group, an article in the Financial Times stated.

    

The LockBit group claims they have hacked ION Group's network. Source: Recorded Future

The Futures Industry Associations (FIA) — which represents one area of derivatives, futures contracts — is investigating the attack's effects on its members, the group said in a statement.

"FIA is aware of network issues caused by a cyber incident on certain ION Group systems which are impacting the trading and clearing of exchange traded derivatives by ION customers across global markets," the group stated. "We are working with impacted members, including clearing firms and exchanges, as well as market regulators and others, to assess the extent of the impact on trading, processing, and clearing."

**LockBit Claims Credit for Carnage**

The infamous LockBit group — responsible for recent attacks on the Hospital for Sick Children in Toronto and a host of chemical and industrial targets — posted a breach notice to its extortion site on Feb. 2 naming the ION Group as a victim. In addition, a ransom note, purportedly from the group, is currently circulating on private forums and names the ION Group as a compromised business, says Allan Liska, a senior analyst with threat intelligence firm Recorded Future.

How the LockBit group gained access to the ION Group's subsidiary and the extent of the damage are questions that will likely take a while to answer, Liska says.

"Unfortunately, not a lot is known yet about the tools used in the attack," he says. "The ION Group is likely still assessing the damage and conducting incident response and disaster recovery, so they may not know the full scope yet."

The LockBit cybercrime group uses a ransomware-as-a-service (RaaS) model, creating the tools to compromise and infect victims and then relying on affiliates to infect companies, healthcare organizations, and government agencies. While ransomware groups relied in the past on encrypting data and holding the keys for ransom, the modern variant of the scheme typically also steals sensitive data and threatens its release.

**How Widespread Is the ION Attack's Impact?**

The immediate impact to clients of ION Cleared Derivatives' services is that the post-trade processes — such as "trade matching and keeping track of risk and margin requirements" activities normally automated by the company's services — have to be completed manually, according to the Financial Times.

Yet the service outage is also affecting markets in the United States and parts of Asia, underscoring the interconnectedness of today's financial and technological infrastructure.

"ION Group is used by financial institutions all over the world, so this attack is likely having wide-ranging impact on those institutions," Record Future's Liska says. "This is, unfortunately, an increasingly common problem with ransomware attacks: The attack doesn't just impact the affected organization but every organization that organization works with."

While the attack has had widespread — and in some cases, surprising — effects, a senior US Treasury official stated that the disruption to the ION Cleared Derivative's platform does not pose a "systemic risk to the financial sector," according to Bloomberg News.

Cyberattack on Fintech Firm Disrupts Derivatives Trading Globally

Examining some key examples of recently found fraud sites that target the lucrative retail shoe industry helps us understand how brand impersonation sites evolve.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading