EZ-NAS also provides add-on data backup, cloud connector and ransomware anomaly detection.

Sunnyvale, Calif., June 1, 2022 – StorCentric, a data-centric security company, offering a comprehensive portfolio of secure data management solutions, today announced the general availability (GA) launch of Nexsan EZ-NAS, network attached storage (NAS). Featuring an easy to configure 1U form factor and four drives with up to 72 TB of raw capacity and 1.5 GB/s of throughput, the new EZ-NAS array is ideal for small and medium sized businesses (SMBs) and large enterprises’ edge deployments.

The Nexsan EZ-NAS platform delivers advanced enterprise-class features such as in-line compression, AD support and data-at-rest encryption. EZ-NAS also comes with the Retrospect software for optional add-on services, including data backup, cloud connector and ransomware anomaly detection.

“The new Nexsan EZ-NAS product stands apart from every other solution in its class because of its ease of use, functionality, and price point,” said Rommel Caparanga, Technology Director, TIM Engineering Systems Solutions Corporation. ”This platform is what our customers have been asking for as a solid NAS solution to accommodate current and future data management needs. Further, the reliability of the brand speaks for itself.”

“The new EZ-NAS, which delivers Nexsan’s award-winning enterprise storage in a form factor and at a price ideal for SMBs and edge use cases, is the perfect fit for many data center applications such as edge repositories, digital video and media workflows, as well as video surveillance deployments,” said Surya Varanasi, CTO, StorCentric. “EZ-NAS can also protect high-value data from the unexpected, as a file backup target. With the optional Retrospect software license, the EZ-NAS enables secure backups, data sharing and disaster recovery use cases.”

To learn more about the Nexsan EZ-NAS, please visit: nexsan.com/ez-nas.

Tweet this: @StorCentric Launches EZ-NAS - Network-Attached Storage for SMBs and Enterprise Edge Deployments https://www.nexsan.com/nexsan-news-and-press/ #Affordable #Easy #Management #NAS #Data #Backup #DataServices

**About Nexsan**

Nexsan® is a global enterprise storage leader, enabling customers to securely store, protect and manage business data. Established in 1999, Nexsan has earned a strong reputation for delivering highly reliable and cost-effective storage while remaining agile to deliver purpose-built storage. Its unique and patented technology addresses evolving, complex enterprise requirements with a comprehensive portfolio of unified storage, block storage and secure data protection. Nexsan is transforming the storage industry by turning data into a business advantage with unmatched security and compliance standards. It is ideal for a variety of use cases including Government, Healthcare, Education, Life Sciences, Media & Entertainment, and Call Centers. Nexsan is part of the StorCentric family of brands. For further information, please visit: www.nexsan.com.

**About StorCentric**

StorCentric provides world-class, award-winning, and data security-focused data management solutions. The company has shipped over 1 million storage solutions and has won over 100 awards for technology innovation and service excellence. StorCentric innovation is centered around customers and their specific data requirements, and delivers quality solutions with unprecedented flexibility, data protection, high-performance and expandability. For further information, please visit: www.storcentric.com.

StorCentric Launches Nexsan EZ-NAS -Network-Attached Storage for SMBs and Enterprise Edge Deployments

AI and ML are important SecOps tools, but human involvement is still required.

Artificial intelligence (AI) can be used to enhance the efficiency and scale of SecOps teams, but it will not solve all your cybersecurity needs without the need for some human involvement — at least, not today.

Most commercial AI successes have been associated with supervised machine learning (ML) techniques specifically tuned for prediction tasks that yield business value. These use cases for ML, such as spoken language understanding for your smart-home assistant and object recognition for self-driving cars, make use of vast amounts of labeled data and computation required to train complex deep learning models. They also focus on solving problems that barely change. This is in contrast to cybersecurity, where we rarely have the millions of examples of malicious activity needed to train deep learning models, and we face intelligent adversaries that frequently change their tactics to try to outmaneuver our latest detection capabilities, including those using ML.

In addition, the digital exhaust from human behavior in enterprise environments is extremely hard to predict. Anomalies in these systems are common and very rarely represent malicious threat actor behavior. It is therefore unreasonable to expect that unsupervised anomaly detection can be used to learn about an enterprise environment’s normal behavior and be able to generate meaningful alerts about malicious activity without creating false alarms on unusual but benign events.

Finally, the degree of data imbalance in threat detection is unlike many other use cases for ML. Imagine for a moment that you are a midsize to large enterprise collecting 1 billion potentially security-relevant telemetry events per day and expect to find one incident worth seriously investigating. Nobody wants to lose the ransomware lottery and have their business grind to a halt with the potential for even worse reputational damage by missing that one security incident. However, if you build an ML-based threat detector processing each event by itself that is 99.9% accurate, you would be searching for that one true positive in a sea of 1 million false positives. Conquering this data imbalance requires significant expertise and a multipronged detection strategy.

Despite these challenges, there are ways for SecOps teams to leverage the technical power of AI/ML to gain operational efficiencies. The following principles should be considered when doing so.

**1\. Symbiotic Humans and Machines Work Better Together**

Consider ML a complement to human intelligence rather than a substitute for it. In the context of complex systems, especially when combatting intelligent adversaries that adapt quickly, automation will deliver the greatest value with active learning at its core. Humans should regularly review the results of ML-based systems, provide feedback, add additional examples of new malicious behaviors, retune the models, and constantly iterate. Anyone who has ever had to face an intelligent adversary, whether it be in cyberspace or in combat, should be familiar with the OODA loop, developed by US Air Force Colonel John Boyd. It has many similarities to active learning techniques that can be exceptionally useful in ensuring that automatable decisions made in each loop are using the best insights, optimizing the utility of manual analysis performed in some loops, and scaling it to assist in processing more loops than humanly possible.

**2\. Pick The Right Tool for the Job**

You do not have to become an AI expert to make good AI-related decisions for your team, but you should be reasonably informed about the basics to ensure that you are picking the right tool for the job.

First, it is important to know the difference between anomalous and malicious behaviors because they are rarely the same and require very different techniques when it comes to detection. The former is easy to discover with unsupervised anomaly detection that does not require labeled training data, but the latter requires supervised learning that typically requires many historical examples.

Second, alerts with a high signal-to-noise ratio are critical for SecOps teams, and you need to fully understand the downstream effects of any probabilistic system that will not be 100% accurate.

Finally, while nearly every ML technique has been applied to cybersecurity, it is still important to have thousands of signatures from threat intelligence that operate like a minefield of trip wires. When constantly tuned by an expert team of security researchers, signatures provide a critical baseline for detecting known threats that needs to be a part of every security program for the foreseeable future.

**3\. Use AI Where It Can Be Most Successful**

It is ironic that many cybersecurity professionals who might trust AI to drive their car are skeptical about AI executing remedial containment actions. Automated action, after all, is one of the best ways to make your SecOps team more efficient. Automation frees the creative human mind from getting bogged down in time-consuming operational tasks — which are right in AI's wheelhouse. ML is useful in detecting advanced threats, especially when you can aggregate evidence, and it is also useful when prioritizing alerts from a variety of detectors that may come from different systems. AI can automate low-risk containment actions, such as quarantining suspicious files or requiring users to re-authenticate, which can dramatically increase your SecOps efficiency and lower your cyber-risk.

With all that said, AI/ML cannot be your only cybersecurity strategy — at least, not in 2022. When you are searching for important needles in immense haystacks, the most effective strategy still comes from pairing machine intelligence with the human intuition of expert analysts.

Distinguishing AI Hype From Reality in SecOps

SAN DIEGO, May 31, 2022 /PRNewswire/ -- ESET, a global leader in cybersecurity, has announced a new suite of products for the Telecommunications and Internet Service Provider (Telco and ISP) industry, with the aim of offering extensive protection to consumers. Cybercrime is a borderless problem and ESET telemetry shows that the volume of cyberattacks is increasing, with a trend toward attacks against smartphones. ESET's newly launched NetProtect suite ensures that service providers and their end users have the tools they need to combat these advanced and evolving mobile threats.

**About the new ESET NetProtect products  
**The new offering includes ESET NetProtect for Mobile and ESET NetProtect for Mobile Advanced, which offer security via mobile networks, and ESET NetProtect for Home Advanced, which helps secure fixed network connections. These solutions protect customer devices connected to Telco and ISP networks (fixed or mobile) against malicious web domains or domain categories such as malware, phishing and potentially unwanted content. With ESET NetProtect Advanced (fixed or mobile), parents also have full control of their children's filters through Web Content Filter. The management portal for end users allows them to manage the ESET NetProtect settings of their connected devices, manage their domain whitelists and blacklists, and generate security reports, giving users an insight into how ESET protects their devices as well as summary information about detected threats, blocked webpages and more.

Thanks to easy integration into Telco and ISP network services and existing activation processes, network-level solutions do not require any software installation on end user devices, and are compatible with both Android and iOS. The solutions are provided as a one-click service activation from the users' trusted internet provider and automatically provide protection to any connected device. Security tailored to customers' needs is ensured by offering robust local customer and partner support coverage along with comprehensive protection that is a step ahead of online threats via ESET's first access to a unique set of malware detected and pooled at a worldwide network of research and development centers.

"We are thrilled to launch this new suite of advanced cybersecurity products designed for service providers and their customers, which represents a critical threat vector for bad actors," said Brent McCarty, President of ESET North America. "At ESET, we always develop products with our customers in mind, and with our ESET NetProtect offering we have created an easy-to-use and elegant solution not only for the industry leaders in the Telco and ISP sector, but for the consumers who are the actual end users of our products."

For more than 30 years, ESET has invested heavily in multiple layers of proprietary technology that prevent breaches of its customers' endpoints and systems, by both known and never-before-seen threats. These products are informed by world-class threat analysis and expertise from the company's global research team. With a presence in over 200 countries worldwide and 13 research and development centers around the world, ESET offers its over 400,000 business customers peace of mind that their interests are protected at all times. ESET also helps protect the Google Play store and is trusted by millions of consumers around the world. To read more about the new offering for Telcos and ISPs or to contact the ESET team for more information, please click here.

**About ESET  
**For more than 30 years, ESET® has been providing enterprises across the globe with industry-leading IT security software and services, including endpoint detection and response, encryption and authentication, and comprehensive security services packages. With high-performing, easy-to-use solutions that cater to businesses of all sizes, ESET protects customers from increasingly sophisticated digital threats in an ever-evolving landscape. ESET delivers to the enterprise market the people, expertise, and cutting-edge technology required to keep businesses safe and running without interruption. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.

SOURCE ESET

ESET Launches NetProtect Suite of Advanced Cybersecurity Offerings for Telcos and ISPs

Researchers from Shadowserver recommend removing the servers from the Internet to shrink external attack surface.

Shadowserver researchers scanning the Internet for exposed MySQL servers said they received more than 2.3 million IPv4- and 1.3 million IPv6 addresses in response to their connection requests on port 3306/TCP, indicating the connected servers were wide open to attack. 

Of the more than 3.6 million exposed MySQL servers, most were located in the US, with more than 740,000; followed by China, with more than 296,000; and Poland, with more than 207,000 accessible devices.   

"It is unlikely that you need to have your MySQL server allowing for external connections from the Internet (and thus a possible external attack surface)," Shadowserver said in a post about the MySQL findings. "If you do receive a report on your network/constituency, take action to filter out traffic to your MySQL instance and make sure to implement authentication on the server."

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

3.6M MySQL Servers Found Exposed Online

Industry veterans roll out end-to-end incident response services and innovative tech-enabled platform, following successful incubation.

PHILADELPHIA, May 31, 2022 /PRNewswire/ -- Surefire Cyber today launched as a new incident response company to help cyber insurers, brokers, law firms, and the organizations they support to better manage cyber events such as ransomware, email compromise, and other cybercrimes. The company also announced $10 million in Series A funding, led by Forgepoint Capital.

Industry veterans roll out end-to-end incident response services and innovative tech-enabled platform, following success

"Surefire Cyber's goal is to work with our clients and partners to swiftly manage a cyber incident and then bring forward capabilities to help them become more cyber resilient. Our delivery of end-to-end digital forensics and incident response capabilities is built on a tech-enabled framework and delivered through a platform that aligns and connects an organization's executives, technical team, insurance carrier, and legal counsel." said Billy Gouveia, the CEO and Founder of Surefire Cyber.

Mark Greisiger, President and Founder of NetDiligence®, comments that "Surefire Cyber is committed to being great partners to carriers, brokers, Breach Coaches®, and the clients they work together to support. We are pleased to welcome them as new contributors to the cyber insurance ecosystem who offer deep experience and a valuable perspective."

Given two long-term trends, the rising cost of cyber incidents and the growing adoption of cyber insurance, industry veterans created Surefire Cyber as a purpose-built response firm that leverages a proven team and a tech-enabled platform to improve transparency, accelerate decision making, reduce business interruption, and guide organizations from recovery through to long term resilience.

Surefire Cyber is backed by Forgepoint Capital, the world's most active early-stage venture capital firm focused on cybersecurity. Prior to launching Surefire Cyber, Gouveia joined Forgepoint as an Entrepreneur-in-Residence to incubate and develop the company's strategy, model, technology, and team while establishing valuable partnerships with companies across the firm's portfolio.

"Our support from Forgepoint Capital enabled us to bring aboard a highly-experienced team of skilled responders, to develop a tech-enabled solution for collaboration with clients and partners during a response, and to leverage the leading cyber venture firm's unmatched capabilities of over 30 portfolio companies so that our clients can better protect their data and defend their organizations," continued Gouveia.

"Surefire Cyber has brought together leading responders with hands-on experience in preparing for all aspects of a cyber incident, expertise to collaboratively guide clients and partners through high-stakes response events, and skill in helping organizations emerge stronger," said Don Dixon, Managing Director of Forgepoint Capital. "What Billy and team are building is truly unprecedented and serves a critical gap in the market."

To learn more, please visit www.surefirecyber.com.

**About Surefire Cyber**

Surefire Cyber delivers swift, strong response to cyber incidents such as ransomware, email compromise, malware, data theft, and other threats with end-to-end response capabilities. Surefire Cyber was founded to provide clients confidence by helping them prepare, respond, and recover from cyber incidents--and to fortify their cyber resilience after an incident. To learn more, please visit: www.surefirecyber.com or follow us on LinkedIn.

Breach Coach is a registered trademark of NetDiligence®.

**About Forgepoint Capital**

Forgepoint Capital is the most active cybersecurity venture capital firm in the world, with 36 active portfolio companies and the largest and most diverse team dedicated to investing in the sector. The firm brings over 100 years of proven company-building experience and its Advisory Council of more than 75 senior executives across industries to support entrepreneurs advancing innovation as they protect the digital future. Founded in 2015, Forgepoint has raised $770 million, deployed over $500 million, and empowered industry leaders such as 1Kosmos, Area 1 Security (Cloudflare), Attivo Networks (SentinelOne), BehavioSec (RELX), Bishop Fox, Cysiv, Huntress, IronNet Cybersecurity (NYSE: IRNT), Noname Security, NowSecure, ReversingLabs, Uptycs and more to reach their market potential. Learn more about Forgepoint at https://forgepointcap.com or follow us on LinkedIn.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Surefire Cyber Launches to Help Cyber Insurance Ecosystem from Response to Resilience, with $10 Million in Funding by Forgepoint Capital

"Follina" vulnerability in Microsoft Support Diagnostic Tool (MSDT) affects all currently supported Windows versions and can be triggered via specially crafted Office documents.

Attackers are actively exploiting an unpatched and easy-to-exploit flaw in the Microsoft Support Diagnostic Tool (MSDT) in Windows that allows for remote code execution from Office documents even when macros are disabled.

The vulnerability exists in all currently supported Windows versions and can be exploited via Microsoft Office versions 2013 through Office 2019, Office 2021, Office 365, and Office ProPlus, according to security researchers that have analyzed the issue.

Attackers can exploit the zero-day flaw — dubbed "Follina" — to remotely execute arbitrary code on Windows systems. Microsoft has warned of the issue giving attackers a way to "install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights." Researchers have reported observing attacks exploiting the flaw in India and Russia going back at least one month.

**Delayed Acknowledgement?**

Microsoft on Monday assigned the flaw a CVE identifier — CVE-2022-30190 — after apparently initially describing it as a non-security issue in April when crazyman, a security researcher with APT threat hunting group Shadow Chaser Group, first reported observing a public exploit of the vulnerability. Though the company's advisory described the flaw as being publicly known and actively exploited, it did not describe the issue as a zero-day threat.

In a May 30 blog post, Microsoft recommended that organizations disable the MSDT URL protocol to mitigate the issue and said it would provide more updates later without specifying when. Microsoft said the Protected View feature in Microsoft Office and the Application Guard for Office both would prevent attacks that try to exploit the flaw.

Microsoft did not respond to a Dark Reading query on whether it had initially described the issue as a non-security issue or when it might have first learned of the flaw. Instead, a spokeswoman pointed to Microsoft's Monday advisory as the only comment the company has on the issue at this time.

MSDT is a Windows support tool that collects and sends data from a user's system to Microsoft support staff so they can analyze and diagnose issues that a user might be encountering on their system. According to Microsoft, the vulnerability is triggered when an Office app like Word calls MSDT using the URL protocol. "An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application," the company noted.

**Multiple Exploits in the Wild**

Though the security researcher with the Shadow Chaser Group first notified Microsoft Security Response Center about the bug more than a month ago, the vuln only received broad attention over the weekend when a researcher spotted a malicious Word document attempting to exploit the issue. Security researcher Kevin Beaumont analyzed the document and found that it was using the remote template feature in Word to retrieve a HTML file from a remote Web server. The retrieved file in turn used the MS-MSDT URL protocol to load code for executing a PowerShell script. Beaumont discovered the document was executing code even with macros disabled. The security researcher found at least two other malicious Word documents in the wild attempting to exploit Follina going back to April.

Significantly, Beaumont and other researchers found that the attack technique allowed threat actors a way to bypass the "Protected View" mechanism in Office that alerts users about content downloaded from the Internet and requires an additional click from them to open. According to Malwarebytes, the warning can be bypassed simply by changing the document to a Rich Text Format (RTF) file. By doing so, code can run without the user even needed to open the document via the preview tab in Explorer, Malwarebytes said.

"RTF files are a special format that allows for documents to be previewed inside of Windows Explorer," says Jerome Segura, senior director of threat intelligence at Malwarebytes. "When that happens, Explorer will call out the msdt process which is being exploited without any warning or prompts," he says. In fact, the Preview pane is a risky feature because it enables zero-click attacks, Segura says. "We recommend users to disable it within Explorer as well as email clients like Outlook."

**Potentially Widespread Impact**

Johannes Ullrich, dean of research at the SANS Institute, says by itself the vulnerability in MSDT wouldn’t be a big deal. But the fact that it can be triggered via Microsoft Office is troubling. All that a user needs to do is to open a specially crafted Word document, or in some cases just previewing it to enable remote code execution, he says. This sets the stage for potentially widespread compromises especially considering that numerous exploits have been available in the wild for a month now.

"There are multiple scripts, examples and tutorials explaining how to exploit this vulnerability. Applying these techniques is easy, Ullrich says. He points to one malicious document to exploit Follina that SANS discovered recently, which purported to contain quotes for mobile phone prices from a reseller. The exploit worked though it appears to have been compiled by a relatively unskilled threat actor. "It appears to have been created by a novice attacker as it doesn't even remove some of the comments added to the malicious document," Ullrich says.  

He recommends that organizations immediately follow Microsoft's guidance and disable the MSDT URL protocol. "This will break the link between Office and the diagnostic tool," he says. Though the vulnerability in MSDT will still be present, it can no longer be triggered when opening a malicious document, he says. SANS recommends that organizations disable the Preview Pane in Windows Explorer.

Dray Agha, ThreatOps analyst at Huntress, which did a deep dive on the vulnerability, says attackers can use Follina to escalate privileges and travel across environments to create havoc. "Hackers can go from being a low-privilege user to an admin extremely easily," Agha says. "The vulnerability can be easily triggered by users simply choosing to “preview” a specifically crafted, maliciously supplied document. It’s that simple."

New Microsoft Zero-Day Attack Underway

With rising fraud, businesses are seeking authentication methods that are security- and user-friendly. But with that comes a few complications.

Pattie Dillon remembers a story from her time as a consultant before becoming product manager of antifraud solutions at SpyCloud. At that time, her call-center client used voice recognition technology to identify a caller who was pretending to be someone else.

"It was a little comical because it was a gentleman that was calling in trying to sound like a woman," Dillon recalls. "Coincidentally, they had had several of these phone calls from this same individual, and \[the software\] was actually able to find those voice patterns and identify it as the same person."

Biometric authentication, such as face ID, voice biometrics, fingerprints, or some combination thereof, is becoming an essential part of the cybersecurity toolbox as organizations try to block adversaries from taking over online accounts and to prevent fraud. However, companies must safeguard biometric data to prevent it from being exploited or stolen.

**How to Secure Biometric Data**

Though biometric authentication can be user-friendly, its critical flaw is that biometric data can't be updated once it is compromised, says Gerald Alston, associate partner and leader of the US security practice for Infosys Consulting. Passwords, PINs, and other identification methods can be replaced, but there's no way to replace a thumbprint, for example, once it is compromised, he says — which is another reason why protecting this type of data is so important.

Traditionally, IT and cybersecurity teams store images containing biometric data in one place after capturing them, but some are starting to explore tokenization. Tokenization is a process in which the images are divided and kept in different locations, reuniting them from their respective databases when the biometric authentication method is used, Alston explains. If an unauthorized intruder enters the system, they need to find where the other components of the biometric images are, but that only delays the inevitable breach, he says.

To better protect tokenized data, Alston suggest implementing a mature encryption key management system, instituting data discipline, and knowing where you currently use tokenization. In other words, make sure you have established processes and procedures for your encryption keys, stay abreast of where your data is, and understand what data you have tokenized and where it's stored, he says.

To that point, another issue to consider is where the data is stored. The FIDO Alliance describes how to securely gather, store, and transmit biometric samples between devices or servers, says Mitek Systems CTO Stephen Ritter. Instead of just saving the biometric image directly on the device or sending it to a central server, the FIDO approach generates a unique cryptographic key pair. When the device is set up for biometric authentication, the private key is saved on the device, usually in the device's secure enclave so that it can't be readily stolen by attackers. The public key is registered with the application or service. During authentication, the client device signs the action — by providing a fingerprint or taking a selfie, for example — with the private key to verify its validity. The secure enclave is designed to be protected space from the rest of the device, and its contents are not readily accessible from outside.

**Legal and Business Requirements**

Besides following industry guidelines, Ritter also recommends that IT and cybersecurity teams watch for data privacy regulations, including the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA), and the Biometric Information Privacy Act (BIPA) in Illinois.

BIPA contains rules for the retention, disclosure, collection, and destruction of biometric data. CCPA requires companies that collect consumers' personal information, including biometric data, to disclose and control the use of the data collected. The European Data Protection Board, which facilitates the consistent application of the GDPR, is soliciting public comments regarding the guidelines for law enforcement use of facial recognition.

"Whenever you are going to collect biometric data and you are going to use it for authentication, you need to be very clear to the user, before they sign up for that service, that that's what you're going to do. And you have to get their consent in writing," Ritter says.

Third-party vendors that handle outsourced biometric authentication are a centralized hub for "mountains of identity data," making them a ripe target for threat actors, Ritter says. Companies should evaluate vendors to ensure the data is secured properly to the extent they are comfortable. Mitek enters into data protection agreements with its clients, complies with ISO 27001 standards, generates System and Organization Controls 2 Type 2 reports, and offers source code reviews, he adds.

"It takes work to go and identify the right vendor and ensure that they have the right security and control in place, but that is almost always better than building these things on your own," Ritter says.

Biometric Data Offers Added Security —  But Don't Lose Sight of These Important Risks

New research finds a rise in TCP acknowledgement (ACK) DDoS attacks, which rely on a smaller amount of traffic to disrupt targets.

In terms of straight numbers, there were fewer distributed denial-of-service (DDoS) attacks in 2021, and the average size of attacks also dropped. But the fact that there were 13% fewer DDoS attacks in 2021 over the previous year is not a lot to cheer about when cybersecurity teams are still grappling with attack volumes far above pre-pandemic levels, according to new research.

Nexusguard analysts say that in 2021 the top DDoS attack vectors were user datagram protocol (UDP) attacks, domain name system (DNS) amplification attacks, and transmission control protocol protocol acknowledgement (ACK) attacks.

Notably, ACK attacks are on the rise, accounting for 9.7% of DDoS attacks in 2021, up from 3.7% in 2020. Numbers for DNS and UDP DDoS attacks were still high enough to keep them in the top two, but both accounted for a smaller percentage of attacks compared with 2020, according to Nexusguard.

While the average attack size fell by 50% over 2021, the maximum attack size nearly tripled, so really large attacks are still a problem.

"Attack vectors are also in flux, because while UDP attacks are still the most common, TCP ACK, which can exponentially amplify the effect of a DDoS event with a small amount of traffic, rose significantly," Juniman Kasman, chief technology officer of Nexusguard, said about the new DDoS research. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Fewer DDoS Attacks in 2021, Still Above Pre-Pandemic Levels

For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs.

CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern,

CyberCatch's SMBVR has detected - for the first time in the report's history — substantial levels of vulnerability among both U.S. and Canadian SMBs to "session riding" attacks, an insidious tactic that forces authenticated users to unknowingly submit malicious requests that can have drastic consequences.

The high levels of vulnerabilities detected - across all ten segments both in the U.S. and Canada - is very concerning.

The SMBVR is a quarterly research study focused on SMBs in North America to detect vulnerabilities that a cyber attacker can identify and exploit to break into a business, steal data and or infect its systems with ransomware. The Q1 2022 SMBVR was comprised of scans of a random sample of 12,050 SMBs (10,878 in U.S. and 1,172 in Canada) in ten high-value target segments. Key findings of the Q1 2022 study include:

\-- 82% of U.S. and 78% of Canadian SMBs have spoofing vulnerabilities that attackers can easily exploit.

  
\-- CyberCatch's report detected significant levels of session riding vulnerability among SMBs, with 50% of such businesses in the U.S. demonstrating this vulnerability and 49% in Canada. This is the first time this vulnerability has reached such critical levels in the research report.

  
\-- Spoofing, clickjacking, session riding and sniffing are the four key vulnerabilities that SMBs are susceptible to in the U.S. and Canada.

  
\-- Spoofing, clickjacking and sniffing vulnerabilities levels more than doubled in the U.S. when compared to Q4 2021.

\-- Defense contractors, manufacturers, managed service providers (MSPs), technology companies, colleges and universities, legal and accounting firms and medical practices have significantly higher rates of vulnerabilities both in the U.S. and Canada.

"The Q1 2022 SMBVR should be a wake-up call for all types of SMBs. The high levels of vulnerabilities detected - across all ten segments both in the U.S. and Canada - is very concerning. It indicates that large numbers of SMBs have security holes that can be easily exploited remotely to steal data and install  
ransomware. This is an existential threat to SMBs - and to the overall economies of the U.S. and Canada," said Sai Huda, founder, chairman and CEO, CyberCatch. Mr. Huda is a globally recognized risk and cybersecurity expert and author of the best-selling book, "Next Level Cybersecurity."

"Given its size, limited knowledge about cybersecurity and resources, an SMB may never be able to recover from a cyberattack. Foreign adversaries and criminal gangs view SMBs as the weakest link in the chain and are increasingly targeting SMBs for the initial payout but also to get to the eventual larger target who the SMB may be a supplier to (upstream risk), or to the SMB's customers (downstream risk) and in the process, they don't care a bit about any collateral damage caused or if the SMB survives or not," continued Mr. Huda.

"In fact, two Joint Advisories issued in May 2022 from International Cyber Authorities, confirm the risk identified by CyberCatch. The May 11 Joint Advisory from the U.S. CISA, NSA, FBI and International Cyber Authorities (Canada, UK, Australia and New Zealand)warns of expected increased attacks targeting MSPs focusing on their customers (downstream risk). The majority of MSPs are themselves SMBs and CyberCatch's SMBVR identified MSPs as one of ten segments with significant vulnerabilities that could be exploited. The May 17 Joint Advisory from U.S. CISA, NSA, FBI and International Cyber Authorities (Canada, UK, New Zealand and Netherlands) warns of missing or ineffective cybersecurity controls that are commonly exploited by attackers, which includes failing to scan for vulnerabilities and failing to perform ongoing testing of controls, so SMBs need to take enhanced risk mitigation action as recommended in the Joint Advisories and in the SMBVR," said Mr. Huda.

To download a copy of the SMBVR, please visit CyberCatch's website.

**About CyberCatch**

CyberCatch is a unique cybersecurity Software-as-a-Service (SaaS) company that protects small and medium-sized businesses (SMBs) from cyberattacks by focusing on the root cause why SMBs fall victim: security holes. It provides an innovative cloud-based SaaS platform coupled with deep subject matter expertise to help SMBs implement just the right type and amount of cybersecurity controls. The platform then performs automated testing of controls from three dimensions: outside-in, inside-out and social engineering. It generates the Cyber Breach Score to continuously measure cyber risk, and finds security holes and guides the SMB to fix them promptly, so attackers can't exploit any missing or broken controls to break in and steal data or infect ransomware. CyberCatch's continuous value proposition: Test. Fix. Secure.

Learn more at: https://www.cybercatch.com

New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada

Digital supply chains are more vulnerable than ever; here's what you need to do to secure them.

The digital supply chain is under attack like never before. Listed among the top seven security concerns for 2022 by Gartner, digital supply chain security is now top of mind for cybersecurity teams, CISOs, and the entire C-suite. For the first time, digital supply chain attacks are threatening business continuity for large-scale enterprises.

**Why the Digital Supply Chain and Why Now?**

Digital supply chains are connected to almost every mission-critical service in an organization. All Internet-facing services are built on a tiered ecosystem of third-party services and infrastructures. In turn, every third party has its own third parties, which have their own third parties, and so on down the line. This means that the vulnerabilities of your vendors and your vendors' vendors (and so on) often become _your_ vulnerabilities.

There are several reasons why digital supply chains are especially vulnerable now, including:

*   **Digital supply chain attacks are worth the investment for hackers.** Owing to the nature of the digital supply chain, replicating a single exploit can cast a very wide attack net. This exponentially increases the potential attack payoff and the ROI of exploit development.

*   **Developers of Web-based applications and services accelerate development with external code packages**. These development paradigms carry their own inherent vulnerabilities, the dangers of which are passed up the digital supply chain.

*   **Cloud service security often falls into a digital no-man's-land.** SaaS or PaaS managed cloud services operate in a shared responsibility model. This creates a gray area among vendors, making it hard for traditional cybersecurity solutions to identify if a third-party component has been tampered with.

Threat actors know that it's easier to exploit a vulnerability deep within the digital supply chain than to attack an enterprise head-on. This is why digital supply chains are now the fastest-growing attack surface for most enterprises: By our estimates, 50% to 60% of all cyberattacks are perpetrated via third parties.

**The Action Items**

To mitigate the risk of attack via digital supply chain vectors, enterprises need to adopt a proactive threat prevention strategy and remediate vulnerabilities before they become catastrophic breaches. Here's a list of how that breaks down and what needs to happen _yesterday_:

*   **Automate asset discovery:** You can't protect what you don't see, so proactively discover what's out there. Find and map known, unknown, and orphaned externally facing assets, including those introduced through shadow IT implementations. Take into consideration the uncontrolled assets that form your digital supply chain, no matter how far downstream they may be.  
    
*   **Assess vulnerability:** Once you know what you have, you still need to understand which (if any) external assets are vulnerable, how they can be exploited, and the severity of the risk they pose. In addition, "follow the connections" by conducting an in-depth and extensive connection-oriented assessment — discovering how assets downstream are vulnerable, and how that vulnerability may be propagated back up the digital supply chain and become a security risk.  
    
*   **Continuously monitor:** What was secure yesterday may not be secure tomorrow. Make sure you’re continuously scanning to identify new assets in your external attack surface or supply chain (for example, a new third-party vendor or a change in third-party cloud storage providers). Then, reassess each third-party asset, externally facing Internet asset, and distributed cloud infrastructure. Check closely for signs of digital supply chain misconfigurations and vulnerabilities.  
    
*   **Prioritize risk and plan remediation:** What should your team mitigate first? Do you have an actionable, timely mitigation and remediation plan and workflow based on vulnerability prioritization — for both your external attack surface and digital supply chain?

It's important to apply these strategies not only to your direct Internet-facing assets, but also to key areas including:

*   **Cloud-based services:** The keys to your castle are literally in the cloud. Their security is crucial to business continuity. Yet cloud misconfigurations are the leading cause of vulnerabilities. Create an end-to-end inventory of cloud assets across all cloud providers. Use this dynamic inventory as the basis for ongoing monitoring and risk management planning.

*   **Subsidiaries:** Digital assets that belong to your subsidiaries but are connected to your primary business may pose risk. It's important to assess and remediate that risk.

*   **M&As:** Even after mergers, acquisitions, and divestitures, networks may still contain connected assets. It's critical to get a handle on the risk signature of newly acquired or newly relinquished digital assets as part of any merger, acquisition, or divestiture.

**The Bottom Line**

Recent attacks have crystalized what hackers have understood for years — a breach anywhere along the digital supply chain can easily lead to a compromise of services, users, customers, and your brand reputation. To beat digital supply chain attacks, companies need to take a proactive approach to resolving the vulnerabilities within _their entire external attack surface_ — including third parties and beyond.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Source

DARKReading