SEC News

What's new arround internet

Last one

Src	Date (GMT)	Titre	Description	Tags	Stories	Notes
	2023-11-09 10:34:02	Proofpoint remporte les meilleurs honneurs au 2023 Ciso Choice Awards Proofpoint Wins Top Honors at 2023 CISO Choice Awards (lien direct)	Cette semaine, Proofpoint a été reconnu avec les meilleurs honneurs dans deux catégories aux 2023 Ciso Choice Awards, notamment Premier Security Company et la meilleure formation de sensibilisation à la sécurité pour la sensibilisation à la sécurité. Une première reconnaissance du fournisseur en son genre sélectionné par un conseil d'administration de Cisojudge & # 8211;des chefs de sécurité éminents qui ont construit et maintenu leurs propres programmes & # 8211;Les Ciso Choice Awards sont un guide d'acheteur pour leurs pairs lors de la sélection des technologies qui protègent efficacement les personnes et défendent les données.Maintenant dans sa quatrième année, les prix honorent les fournisseurs de sécurité de toutes tailles, types et niveaux de maturité, reconnaissant les solutions différenciées de haut niveau des fournisseurs de solutions de sécurité innovants dans le monde entier. Les CISO apportent des perspectives du monde réel, et les juges des prix Ciso Choice comprennent que les parties critiques de la chaîne d'attaque ne peuvent pas être efficacement combattues sans adopter une approche centrée sur les gens.Le déploiement d'une approche en couches de la cybersécurité qui comprend l'identification des risques, l'atténuation et la formation de sensibilisation à la sécurité est crucial pour protéger les organisations contre les menaces modernes d'aujourd'hui. Société de sécurité Premier Proofpoint analyse plus de communications humaines que toute autre entreprise de cybersécurité, nous permettant de fournir des innovations d'abord industrielles qui perturbent le livre de jeu de l'acteur de menace dans la chaîne d'attaque pour le BEC, le ransomware, le vol de données et d'autres risques qui comptent.En fournissant à nos clients un chemin unifié pour résoudre le risque dans toute la chaîne d'attaque, les CISO acquièrent une visibilité inégalée et la protection contre les tactiques sur lesquelles les adversaires s'appuient sur la plupart. Formation de sensibilisation à la sécurité Propulsé par les renseignements sur les menaces réelles à partir de 2,6 milliards de courriels analysés quotidiennement, la sensibilisation à la sécurité de ProofPoint façonne la façon dont les employés agissent face à des menaces.Il fournit une éducation ciblée qui intègre ces données de menace pour construire une solide culture de la sécurité en permettant aux utilisateurs les bonnes connaissances et compétences, tout en les motivant à une éducation engageante et personnalisée. "Je tiens à féliciter Proofpoint pour avoir remporté les catégories de formation de la société de sécurité et de sensibilisation à la sécurité. Le domaine était exceptionnellement compétitif.Pour sauvegarder nos organisations ", a déclaré David Cass, Cisos Connect and Security actuel président actuel et Global CISO chez GSR. Les victoires de la Ciso Choice 2023 de Proofpoint Point \\ se joignent à une liste croissante de la reconnaissance de l'industrie et soulignent notre leadership de marché.La reconnaissance des prix de Ciso Choice Ciso pour Proof Point comprend: 2022 Ciso Choice Awards: Risque et conformité de la gouvernance (GRC): Plateforme de complexité et de conformité Proofpoint Formation de sensibilisation à la sécurité (pour l'employé de tous les jours): sensibilisation à la sécurité de la preuve 2021 Ciso Choice Awards: Société de sécurité Premier Sécurité du cloud: Point de preuve Sécurité du cloud Sécurité des e-mails: Protection de la menace à la menace Pour en savoir plus sur DePoolinpoint, visitez: https://www.proofpoint.com/ Pour en savoir plus sur la formation à la sensibilisation à la sécurité à l'étanché This week, Proofpoint was recognized with top honors in two categories at the 2023 CISO Choice Awards, including Premier Security Company and best Security Awareness Training for Proofpoint Security Awareness. A first-of-its-kind vendor recognition selected by a board o	Ransomware Threat Cloud		★★
	2023-11-09 07:02:10	Le pouvoir de la simplicité: élever votre expérience de sécurité The Power of Simplicity: Elevating Your Security Experience (lien direct)	Recent research underscores just how challenging the current threat and risk landscape is for businesses and their security and IT teams. Ransomware attacks are up 153% year over year. Business email compromise (BEC) attacks doubled during the same period. Meanwhile, the global deficit of skilled security personnel sits at about 4 million. New threats are emerging and existing ones are growing more sophisticated all the time. Security measures need to keep pace with these dynamics to be effective. Businesses must be proactive and aim to stop threats before they start, but still be able to respond with speed to incidents already in progress. To do that, you must understand how attackers are targeting your business. And you must be able to clearly communicate those risks to executive leadership and peer stakeholders. At Proofpoint, our goal is to protect our customers from advanced threats by streamlining our solutions and processes while also providing easy-to-understand threat visibility. That\'s why we introduced improvements to the usability and reporting of the Proofpoint Aegis threat protection platform. Read on to learn more. 3 Aegis usability enhancements The market spoke, and we listened. Feedback from our customers was key in developing all of the following user interface (UI) enhancements, which we focused around three goals: simplifying access, prioritizing usability and clarifying the threat landscape. 1: Simplifying access Complexity hinders productivity and innovation. With that in mind, Proofpoint launched a new single sign-on (SSO) portal to provide a centralized, frictionless user login experience to Aegis. Customers can now use a single URL and single set of credentials to log in to the platform and switch seamlessly between our products. That\'s a big win for businesses that use multiple Proofpoint solutions. Your business can expect to see improved operational efficiency. By simplifying access to the Aegis platform, we\'re reducing the time admins spend getting to work, navigating their environments and searching for tools. The SSO portal is a significant step forward in improving the usability and user experience of the Proofpoint Aegis platform. 2: Prioritizing usability Proofpoint\'s user-centric design approach means our solutions are becoming more intuitive and easier to use all the time. The new usability updates for Aegis reduce cognitive load by minimizing the mental effort that\'s required to focus on processes. This makes creating natural workflows less complex, which results in fewer errors and less time spent on manual work. Our intuitively designed tools reduce frustration and effort for users by enabling faster onboarding. They also provide better problem-solving and self-troubleshooting capabilities. Our goal of improved usability led us to incorporate new Email Protection modules into the updated cloud administration portal. The modules offer streamlined workflows and quicker response times. This means admins can perform their daily tasks and manage email threats more easily. And they don\'t have to navigate through complicated menus. The Email Protection modules are available now in PPS 8.20; they include the Email Firewall and Spam Configuration UIs. 3: Clarifying the threat landscape Proofpoint has long been at the forefront of bringing clarity to the threat landscape. And we know that when security and IT teams have more visibility, they can make more informed decisions. However, we also know that for actionable decisions to be truly effective, threat landscape visibility needs to be quick and easy for other stakeholders to grasp as well. We\'re striving to minimize information overload through summarized and contextually driven documentation. This helps you to always know and understand the cyberthreats your business is facing. Clear, easy to access data allows administrators to move fast to keep up with evolving threats. It also enhances the ability to communicate risk to nontechnical stakeholders w	Ransomware Spam Tool Threat Cloud		★★
	2023-11-08 06:00:00	Protéger vos chemins, partie 1: comment la gestion du chemin d'attaque peut arrêter les attaquants sur leurs traces Protecting Your Paths, Part 1: How Attack Path Management Can Stop Attackers in Their Tracks (lien direct)	This blog is the first in a series where we explore attack path management. We\'ll explain what you need to know and give you the tools you need to help you better protect the middle of the attack chain. A big reason that successful cyberattacks are on the rise is that threat actors are shifting their tactics to identity-based attacks. Last year, 84% of businesses fell victim to an identity-related breach. When attackers land on a host, it is rarely their end target. Instead, they look to escalate privilege and move laterally across an environment. Their next step is to exploit more privileged credentials, and they often do this by using shadow admin vulnerabilities. It can be a challenge to stop them. To do so, you need to quickly discover, prioritize and remediate identity vulnerabilities. But first, you need to know what you\'re up against. In this blog post, we explore the multitude of identity vulnerability challenges, and we explain why an attack path management (APM) view is so important. We also specify which identity-centric attack vectors are likely to exist in your environment. Key terms Before we dive into this topic further, let\'s define some key terms that are central to this area of security: Attack path management. This refers to the process of identifying, analyzing, understanding and remediating attack paths within a business. Identities and other system resources are typically spread across multiple on-premises and cloud identity stores. These include Microsoft Active Directory (AD), Entra ID (formerly Azure AD), AWS and Okta. Attack path. Threat actors follow a sequence of steps as they compromise security, which is called an attack path. The typical end result is the compromise of a tier-zero asset (TZA)-or what is generally referred to as a bad breach. TZAs. Tier-zero assets are often referred to as the “crown jewels.” They are a company\'s most critical and sensitive assets. They can include systems, data or other resources (databases, web gateways) that are essential to its operation, reputation and overall resilience. In certain scenarios, AD domain controllers or authentication systems can be considered TZAs given the broad scope of damage that can arise with their breach. The risks of TZA compromise Compromising a tier-zero asset is a high-value objective for attackers because it allows them to achieve their financial or other malicious goals. Here are some common objectives: Data exfiltration TZAs may store or have access to critical and sensitive data or intellectual property. Or they might be critical system resources that, if compromised, could result in a service outage. Attackers aim to steal this information for financial gain, espionage or extortion. Data exfiltration clearly impacts the confidentiality part of the CIA triad. Data manipulation Attackers may alter or manipulate data within TZAs to achieve their goals. For instance, they could modify user account settings, insert malicious code or encrypt data as a step toward operational disruption. Data manipulation impacts the integrity part of the CIA triad. Denial of service (DoS) or disruption Attackers may use compromised tier-zero assets to launch DoS attacks against critical operational services in an enterprise. This can disrupt services and cause operational or financial harm to the business. This exposure category is about impacting the availability portion of the CIA triad. Ransomware Attackers may use their control over TZAs to deploy ransomware across a network. By encrypting critical systems and data, they can demand substantial ransom payments in exchange for the decryption keys. Ultimately ransomware attackers are focused on financial gain. One of their main tactics for extracting a ransom is threatening to directly impact system availability. (See this 2021 breach as an example.) Lateral movement to more TZAs Once attackers compromise a tier-zero asset, they can use it as a launch pad to move laterally to other TZAs. Figure 1. Tier-zero	Ransomware Tool Vulnerability Threat Cloud		★★
	2023-10-26 06:00:18	Break the Attack Chain with Identity Threat Protection (lien direct)	“The attacker only has to be right once. Defenders have to get it right every time.” This well-known saying has shaped countless cybersecurity strategies. The belief is that a single compromise of our defenses can lead to a catastrophic outcome. As new risks emerge and attackers develop tactics to evade controls, defenders face the daunting task of protecting an ever-expanding array of connected identities. Many companies now embrace resilience strategies, accepting that an incident is inevitable - “It\'s not a matter of if, but when.” That\'s because defenders have been fixated on the impossible task of protecting everything within the business. But a new industry approach to cyber defense in recent years has emerged that points the path towards a better way. Instead of protecting everything, defenders should aim to neutralize attackers\' tactics, techniques and procedures (TTPs), which are hard to replace. This disrupts the completion of the attack chain. What is the attack chain? And how does identity threat protection disrupt it? That\'s what we\'re here to discuss. The enduring relevance of the attack chain No other concept has captured the essence of successful cyber attacks like the attack chain (aka the “cyber kill chain”), which was developed by Lockheed Martin in 2011. Even 12 years later, the attack chain remains relevant, while defenders struggle to prevent the most impactful incidents. While cyber criminals don\'t follow the same steps every time, the basic phases of an attack are pretty much always the same: Steps in the cyber attack chain. The challenge of initial compromise The first phase in the attack chain is the initial compromise. Modern cyber criminals use an array of tactics to infiltrate companies and wreak havoc on their systems, from BEC attacks to cloud account takeovers and ransomware incidents. One trend is to exploit trusted third-party relationships to compromise companies through their suppliers. What seems like an innocuous initial email can escalate into a full-scale compromise with great speed. Once attackers gain unrestricted access to a company\'s domain, they can infiltrate email accounts to commit fraudulent activities. One alarming twist to credential phishing emails is that they can evade detection. They leave behind no traces of compromise or malware. Even with the rise of multifactor authentication (MFA), these attacks continue to surge. Once accounts are compromised through a credential phishing email or a vulnerable remote desktop session, businesses face the next phase of the attack chain: privileged escalation and lateral movement within their networks. Next phase: privilege escalation and lateral movement This is the middle of the attack chain. And it\'s where threat actors try to breach a company\'s defenses. Often, they do this by compromising the identities of employees, contractors, service providers or edge devices. Their main goal is to use this initial access to elevate their privileges, typically targeting Active Directory (AD). AD, which many businesses around the world use, is susceptible to compromise. It can provide attackers with unparalleled control over a company\'s computing infrastructure. With this access, they can engage in lateral movement and spread malware across the business, causing more harm. Finally, the risk of data loss Attackers don\'t rely on a single stroke of luck. Their success hinges on a series of precise maneuvers. Monetary gains through data exfiltration are often their objective. And once they have navigated the intricate web of identities, they can target valuable data and orchestrate data theft operations. Defenders must disrupt this chain of events to prevent the loss of sensitive data, like intellectual property or customer identifiable data. Then, they can gain the upper hand and steer the course of cybersecurity in their favor. The three best opportunities to break the attack chain. Building a map of your organizat	Ransomware Malware Tool Threat Prediction Cloud		★★
	2023-10-25 09:54:27	Utilisation d'AWS SQS pour créer un planificateur de tâches distribué et un cadre d'exécution Using AWS SQS to Create a Distributed Task Scheduler and Execution Framework (lien direct)	Engineering Insights est une série de blogs en cours qui donne à des coulisses sur les défis techniques, les leçons et les avancées qui aident nos clients à protéger les personnes et à défendre les données chaque jour.Chaque message est un compte de première main de l'un de nos ingénieurs sur le processus qui a conduit à une innovation de preuves. Un exécuteur de tâches distribué est un composant crucial lorsque vous créez des systèmes évolutifs et résilients qui peuvent gérer une large gamme de tâches, du traitement des données et des travaux de lots au traitement d'événements en temps réel et à l'orchestration des microservices. Chez ProofPoint, nous recherchions un exécuteur de tâches distribué simple pour le sous-ensemble des tâches à exécuter dans AWS.Nous voulions qu'il soit facile à entretenir et à déployer, à fournir une commande cohérente des tâches, à avoir une bonne gestion des erreurs et à réessayer les tâches ratées.L'intégration avec des composants sans serveur était un plus car il nous fournirait beaucoup plus d'options pour augmenter et paralléliser le traitement des tâches. Parmi les nombreux cadres que nous avons évalués les plus notables figuraient Hazelcast, Apache Air Flow et Facebook Bistro.Apache Air Flow et Bistro ont besoin d'un déploiement d'infrastructures supplémentaires, tandis que Hazelcast a besoin de persistance pour être configurée pour stocker l'état de la tâche.Nous voulions limiter les dépendances autres que ce que nous utilisons déjà dans AWS.En fin de compte, nous avons décidé qu'AWS SQS était le meilleur de toutes les options. En utilisant les fonctionnalités des files d'attente AWS SQS, nous avons pu assembler un planificateur de tâches distribué et un cadre d'exécution comme indiqué ci-dessous dans la figure 1. Figure 1: La file d'attente FIFO AWS SQS en tant qu'orchestrateur entre la source de tâche et les exécuteurs. Caractéristiques de conception clés de l'architecture ci-dessus Le plan de l'architecture ci-dessus est partagé en tant que module Terraform afin que chaque équipe ou service puisse déployer son propre planificateur de tâches distribué hautement disponible.Voici ce que vous devez savoir sur ses caractéristiques de conception clés: Fonctionnalité Description Disponibilité Un aspect clé de tout exécuteur de tâches distribué est d'éliminer le point de défaillance unique.Étant donné que AWS SQS est résilient et très disponible, cela signifie que la file d'attente des tâches l'est aussi. Évolutivité SQS propose l'intégration hors de la boîte avec AWS LAMDA à l'aide de la LAMDA Invocation via des déclencheurs de source d'événements. La configuration de contrôle de concurrence sur SQS augmente la parallélisation. Par défaut, la taille du message prise en charge est 256KIB;Il peut être étendu jusqu'à 2 Go avec la lib client étendu. Tolérance aux défauts La configuration du délai d'expiration de visibilité du message garantit que les tâches d'exécution ratées sont redistribuées aux travailleurs disponibles. Des battements cardiaques peuvent être ajoutés pour prolonger les délais de visibilité pour les tâches de longue date. Tentatives Une fois le nombre défini de tentatives atteintes, SQS fournit des files d'attente dans les lettres d'adolescents (DLQ) où les événements sont redirigés.Cela nous permet d'intervenir manuellement, de déboguer ou de revoir les tâches.Cela nous aide également à atténuer et à éliminer les tâches de pilule de poison si elles apparaissent dans la file d'attente. Commande et regroupement de messages Les files d'attente SQS FIFO fournissent un regroupement de messages et une commande au sein des groupes. La déduplication des files d'attente FIFO aide à prévenir l'exécution des tâches en double. Flux de travail En utilisant les fonctions AWS Step, nous pouvons réaliser des workflows pour l'exécution des tâches. Déploiement Il est possible d'utiliser la format	Cloud		★★
	2023-10-23 05:00:00	De Copacabana à Barcelone: la menace croisée des logiciels malveillants brésiliens brésiliens From Copacabana to Barcelona: The Cross-Continental Threat of Brazilian Banking Malware (lien direct)	Key Takeaways A new version of Grandoreiro malware from TA2725 targets both Mexico and Spain. Previously this malware has only targeted victims in Brazil and Mexico. Overview Proofpoint researchers have long tracked clusters of malicious activity using banking malware to target users and organizations in Brazil and surrounding countries. Recently, researchers observed multiple threat clusters targeting Spain from threat actors and malware that have traditionally targeted Portuguese and Spanish speakers in Brazil, Mexico, and other parts of the Americas. While the targeting of victims in the Americas has been common for some time, recent clusters targeting Spain have been unusual in frequency and volume compared to previous activity. Brazilian Cyber Threat Landscape The Brazilian cyber threat landscape has changed rapidly over the last several years becoming more complicated and diverse. More people than ever are online in the country meaning the potential victim base has increased. According to third-party reporting, Brazil is among the most highly-targeted countries for information stealers and other malware, and its broad adoption of online banking offers potential for threat actors to social engineer people eager to conduct financial activity online. Brazilian Banking Malware Brazilian banking malware comes in many varieties, but, based on Proofpoint observations, most of them appear to have a common ancestor written in Delphi with source code reused and modified over many years. This base malware has spawned many varieties of Brazilian malware including Javali, Casabeniero, Mekotio, and Grandoreiro. Some malware strains like Grandoreiro are still in active development (both the loader and the final payload). Grandoreiro has capabilities to both steal data through keyloggers and screen-grabbers as well as steal bank login information from overlays when an infected victim visits pre-determined banking sites targeted by the threat actors. Based on recent Proofpoint telemetry, Grandoreiro is typically delivered with an attack chain beginning with a URL in an email with various lures including shared documents, Nota Fiscal Electronicos (NF-e, a tax form required to be used by organizations in Brazil), and utility bills. Once a victim clicks the URL, they are delivered a zip file containing the loader, usually an MSI, HTA or exe file. If the user runs the loader, the malicious file will use DLL injection to add malicious behavior to an otherwise legitimate but vulnerable program included in the zip file with the loader. The loader will then download and run the final Grandoreiro payload and check in with a command and control (C2) server. Previously, bank customers targeted by Grandoreiro overlays have been in Brazil and Mexico, but recent Grandoreiro campaigns show that this capability has been expanded to banks in Spain as well. Two campaigns attributed to TA2725 spanning from 24 through 29 August 2023 shared common infrastructure and payload while targeting both Mexico and Spain simultaneously. This development means that the Grandoreiro bank credential stealing overlays now include banks in both Spain and Mexico in the same version so that the threat actors can target victims in multiple geographic regions without modification of the malware. Figure 1. Common C2 and payload download for both campaigns. Threat actors from the Americas have previously targeted organizations in Spain but have typically used more generic malware or phishing campaigns that were unique to Spain. In this case, the threat actors have expanded this version of Grandoreiro that had previously only targeted the Americas to include other parts of the world. Figure 2. Example of TA2725 targeting of victims in Spain in August and September by spoofing ÉSECÈ Group, a Spanish manufacturing company. Figure 3. Example of an unattributed Grandoreiro cluster targeting Spain with a mobile phone bill lure spoofing Claro. TA2725 TA2725 is a threat actor Proofpoint has tracked since March 202	Malware Threat Cloud		★★★
	2023-10-16 07:29:59	Navigation du cyber-risque: ce qu'il faut rechercher dans la couverture de la cyber-assurance Navigating Cyber Risk: What to Look for in Cyber Insurance Coverage (lien direct)	Modern threats like phishing, ransomware and data breaches cast a dark cloud over businesses across sectors. For most bad actors, the goal of an attack is financial. As Proofpoint noted in the 2023 State of the Phish report, 30% of businesses that endured a successful attack experienced a direct monetary loss, such as a fraudulent invoice, wire transfer or payroll redirection. That is an increase of 76% year over year. A cyber insurance policy can protect you from the financial losses caused by cybersecurity incidents and data breaches. And when businesses pair cyber insurance with the prowess of Proofpoint solutions, they can build a formidable defense strategy. In this blog, we\'ll go over some best practices for choosing and managing you cyber insurance policy so you can protect yourself from risk. Actions that cyber criminals monetize Our research for the latest State of the Phish report shows that the three most common consequences of a cyber attack are: Data breach (44%) Ransomware infection (43%) Account compromise (36%) Notably, cyber criminals can monetize all these actions. Most common results of successful phishing attacks. (Source: 2023 State of the Phish report from Proofpoint.) Just one cybersecurity incident can cost tens of thousands of dollars. So, it\'s easy to understand why insurers see these incidents as too costly to cover in their general liability policies. But with cyber insurance, your business has a tool to help manage risk. Why cyber insurance can be a vital financial safety net While firewalls and endpoint protections remain vital, the truth is that a level of residual risk always exists. No matter how fortified your security is, breaches can happen due to ingenious adversaries, human error or just unfortunate circumstances. This is where cyber insurance comes to the rescue. It is the safety net that catches your business when your defenses fall short. It can help you cover costs like ransomware payments, legal fees, and costs associated with crisis management and revenue loss. In the graphic below, we can see how often cyber insurance covered losses from ransomware attacks among those surveyed for our 2023 State of the Phish report. Nearly three-quarters (73%) of businesses with cyber insurance policies said their insurers paid at least some of their ransomware-related losses. (Source: 2023 State of the Phish report from Proofpoint.) Cyber insurance best practices Now that we\'ve covered why cyber insurance can be a vital financial safety net, let\'s look at some essential best practices for cyber insurance. These measures can help your business become more effective at managing cybersecurity risks. Find an expert and ask for support and guidance. Specialized brokers are your allies in the intricate world of cyber insurance. Insurers vary in risk appetite, claim acceptance rates and expertise. Brokers have an in-depth grasp of this landscape, and they will assess your options meticulously. They will help ensure that the policy you choose is the right fit for your industry, size, risk profile and more. Be prepared for a rigorous assessment. Today, insurers want more insight into your company\'s security protocols and controls before they issue a cyber insurance policy. So preparedness is key. Be ready to provide evidence, like external audits, penetration test results and compliance certifications to insurers. If you implement access controls that insurers deem vital, such as multifactor authentication (MFA) and privileged access management (PAM), it may help to reduce your premiums. Closely examine coverage scope. Coverage specifics vary globally. But you will find that most cyber insurance policies cover a portion of losses from ransomware attacks and expenses linked to crisis responses. You need to have a thorough understanding of the breach scenarios your policy does or does not cover. Take note of any exclusions. Also, be sure to scrutinize services like breach investigation support, legal	Ransomware Tool Threat Guideline Cloud		★★★
	2023-10-10 17:00:00	Le nouveau rapport Ponemon montre que les organisations de soins de santé font peu de progrès dans la protection des patients contre les dommages des cyberattaques New Ponemon Report Shows Healthcare Organizations Are Making Little Progress in Protecting Patients from the Harms of Cyber Attacks (lien direct)	The healthcare sector is finally acknowledging that cyber attacks affect more than just the financial bottom line. Providers are starting to understand that a weak cybersecurity posture puts patients\' safety and well-being at risk-and may endanger lives. Despite this growing understanding, however, little progress has been made in the past year to improve organizational security. The Ponemon Institute\'s second annual Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care 2023 report, commissioned by Proofpoint, shows that healthcare businesses have made no strides in protecting patients from the physical harm of cyber attacks. The survey found that 88% of healthcare companies experienced an average of 40 attacks in the past 12 months. Among the 653 healthcare and IT security practitioners surveyed: 66% said cyber attacks targeting their business disrupted patient care 50% experienced an increase in complications from medical procedures 23% saw an increase in mortality rates These numbers are similar to last year\'s report and confirm what\'s already well-known in the industry: Change is slow in healthcare, especially when it comes to IT investments. The devastating impacts of various attacks on patient safety The most common types of attacks examined in the Ponemon report are: Cloud compromise Ransomware Supply chain Business email compromise (BEC) We learned that supply chain attacks are the most likely to disrupt patient care (77%, up from 70% in 2022). However, when it comes to specific repercussions, BEC leads in three of five categories. This is the type of attack most likely to cause poor outcomes due to: Delays in tests and procedures (71%) An increase in complications from medical procedures (56%) A longer length of stay (55%) What may surprise healthcare leaders and clinicians is the impact of data loss or exfiltration. When protected health information (PHI) is compromised, most think in terms of the impact to patient privacy. However, the report shows that the implications are far more dangerous. Forty-three percent of survey participants said a data loss or exfiltration incident affected patient care. Of those that experienced this impact, 46% saw an increase in mortality rates, and 38% noted an increase in medical procedure complications. Cloud risk on the rise as adoption grows The healthcare sector has lagged behind most other industries in cloud adoption. It took a global pandemic to shake things up: Sixty-two percent of surveyed physicians said the pandemic forced them to make upgrades to technology that would have taken years to accomplish otherwise. But with the broad adoption of cloud apps, care providers are more vulnerable to cloud threats. ECRI (an independent authority on healthcare technology and safety) ranked care disruption due to the failure to manage cyber risk of cloud-based clinical systems as one of the top 10 healthcare technology hazards for 2023. Given the high rate of adoption, it\'s not surprising the Ponemon report found that cloud compromise is now the top concern for healthcare companies. Cloud compromise rose to first place this year from fifth last year-with 63% of respondents expressing this concern, compared with 57% in 2022. Likewise, healthcare businesses are feeling the most vulnerable to a cloud compromise than other types of attacks, with 74% of respondents in agreement. Ransomware remains ever-present, despite decreased concerns One surprising finding from the survey is the significant decrease in concerns about ransomware attacks. Although 54% of respondents reported that their business had experienced a ransomware attack (up from 41% in 2022), they\'re the least worried about this type of threat. Only 48% of those surveyed said ransomware was a concern-a big decline from last year\'s 60%. Based on recent events, we know that the impacts of ransomware incidents are getting worse. In August, for example, a ransomware attack on a California-based health system	Ransomware Threat Medical Cloud		★★★★
	2023-10-05 06:00:21	Proofpoint remporte l'innovation en cybersécurité basée sur l'IA de l'année aux prix de percés de cybersécurité 2023 Proofpoint Wins AI-based Cybersecurity Innovation of the Year at the 2023 CyberSecurity Breakthrough Awards (lien direct)	Je suis ravi de partager cette plate-forme de protection contre les menaces de preuves Aegis a été reconnue comme l'innovation en cybersécurité basée sur l'IA de l'année aux Cybersecurity Breakthrough Awards.Le programme de récompenses est mené par Cybersecurity Breakthrough, une organisation de renseignement indépendante de premier plan qui reconnaît les principales entreprises, technologies et produits sur le marché mondial de la sécurité. Depuis le dépôt de notre premier brevet d'intelligence artificielle (IA) il y a 20 ans, Proofpoint a été pionnier des applications innovantes de l'IA et de l'apprentissage automatique (ML) pour fournir à nos clients, qui comprennent plus de 85% du Fortune 100, avec des solutions industrielles qui ont été prisesAbordez les principaux risques de cybersécurité auxquels ils sont confrontés aujourd'hui à partir du compromis initial par un attaquant au mouvement latéral et à l'exfiltration des données.L'IA et la ML sont tissées dans notre suite de produits pour offrir aux clients une protection complète et constante en évolution contre un large éventail de menaces.Aujourd'hui, nous exploitons près de deux décennies d'expérience en IA, ML et en science des données dans notre plate-forme d'IA, qui alimente les produits PROVEPPOINT pour aborder efficacement un large éventail de risques de cybersécurité et de conformité. Les grandes quantités d'alertes de données et d'alertes de sécurité sont confrontées chaque jour est stupéfiante, ce qui conduit à des défis dans l'identification, la priorisation et la réparation des attaques potentielles.Les humains ne peuvent plus évoluer pour sécuriser suffisamment une surface d'attaque au niveau de l'entreprise.L'intégration de l'IA et de la ML dans les solutions de points de preuve réduit la charge de travail sur les analystes de sécurité et les CISO, en particulier pour les organisations réglementées.L'IA et le ML sont intégrées dans notre plate-forme de protection des informations Sigma, et nous utilisons également ML pour classer les informations pour déterminer les informations qui comptent le plus. ProofPoint Aegis Menace Protection est la seule plate-forme de protection des menaces alimentée par AI / ML à désarmer les attaques avancées d'aujourd'hui avant qu'ils n'atteignent les utilisateurs, y compris les compromis par e-mail (BEC), le phishing, les ransomwares, les menaces de la chaîne d'approvisionnement et plus encore.Notre ensemble de données massifs alimente le graphique de menace NEXUS Pointpoint, qui nous permet de former des modèles pour identifier les anomalies comportementales, des expéditeurs inconnus, des URL ou des sous-domaines inhabituels, des locataires SaaS inhabituels, des écarts sémantiques et plus encore.Depuis son déploiement, nous avons observé une amélioration de 6x de l'efficacité de détection pour les menaces de facturation, pour choisir un exemple représentatif. Aujourd'hui, l'équipe de laboratoire de Proofpoint se dirige l'application de l'IA et du ML sur nos plateformes de protection.L'équipe est composée de scientifiques des données, d'ingénieurs d'apprentissage automatique, d'ingénieurs de données et de spécialistes des opérations d'apprentissage automatique qui se concentrent sur la meilleure façon de tirer parti de l'IA et de la ML pour améliorer à la fois nos caractéristiques du produit et augmenter nos flux de travail. Il s'agit du troisième point de preuve consécutif de l'année a été reconnu par la percée de la cybersécurité.En 2021 et 2022, Proofpoint a été nommé le fournisseur global de solutions de sécurité par e-mail de l'année.Un panel de juges évalue des milliers de nominations en fonction des critères suivants: innovation, performance, facilité d'utilisation, fonctionnalité, valeur et impact.Notre série de victoires reflète notre leadership de marché et notre capacité à lutter efficacement contre les acteurs de la menace à travers la chaîne de cyberattaques. I\'m	Threat Cloud		★★
	2023-10-04 06:00:00	Arrêt de cybersécurité du mois & # 8211;Phishing du code QR Cybersecurity Stop of the Month – QR Code Phishing (lien direct)	This blog post is part of a monthly series exploring the ever-evolving tactics of today\'s cyber criminals. Cybersecurity Stop of the Month focuses on the critical first steps in the attack chain-reconnaissance and initial compromise-in the context of email threats. The series is designed to help you understand how to fortify your defenses to protect people and defend data against emerging threats in today\'s dynamic threat landscape. The first two steps of the attack chain: reconnaissance and initial compromise. In our past installments, we have covered supplier compromise, EvilProxy, SocGholish and e-signature phishing. All of these are examples of threats we regularly detect for our customers before they\'re delivered to users. In this post, we explore a recent detection of a phishing attack in which the URL was encoded into a QR code. We\'ll also explore the mechanisms employed by our AI-driven detection stack that ultimately prevented the email from reaching the inbox of its intended target. The scenario Phishing, especially credential phishing, is today\'s top threat. Bad actors constantly devise new methods and tools to gain authenticated access to users\' accounts. This illicit entry often results in financial loss, data breaches and supplier account compromise that leads to further attacks. We recently detected a phishing attack hidden behind a QR code at an agriculture company with more than 16,000 employees. Fortunately, our Aegis platform detected the threats and broke the attack chain. In this scenario, a bad actor crafted a phishing lure purporting to contain completed documentation about the target\'s wages. Instead of including a link for the target to click, the bad actor included a QR code instructing the recipient to scan with their mobile phone\'s camera to review the documentation. Once scanned, a fake SharePoint login screen prompts the user to provide credentials. QR Code phishing represents a new and challenging threat. It moves the attack channel from the protected email environment to the user\'s mobile device, which is often less secure. With QR codes, the URL isn\'t exposed within the body of the email. This approach renders most email security scans ineffective. What\'s more, decoding QR codes using image recognition or optical character recognition (OCR) quickly becomes resource intensive and difficult to scale. The Threat: How did the attack happen? Here is a closer look at how the recent attack unfolded: 1. The deceptive message: An email claiming to contain employee payroll information sent from the organization\'s human resources department. Malicious email blocked by Proofpoint before it was delivered to the user\'s mailbox. (Note: For safety, we replaced the malicious QR code with one linking to Proofpoint.com. The rest of the message is a redacted screenshot of the original.) 2. QR Code Attack Sequence: The recipient is instructed to scan the QR code with their mobile device. Typical QR Code Attack Sequence for Phishing. 3. SharePoint phishing lure: Once the user decodes the URL, a fake SharePoint login screen tries to fool the recipient into entering credentials. Decoded QR code redirecting to an example SharePoint phishing page. Detection: How did Proofpoint detect the attack? QR Code phishing threats are challenging to detect. First, the phishing URL isn\'t easy to extract and scan from the QR code. And most benign email signatures contain logos, links to social media outlets embedded within images and even QR codes pointing to legitimate websites. So the presence of a QR code by itself isn\'t a sure sign of phishing . We employ an advanced blend of signals and layers of analysis to distinguish between weaponized and benign QR codes. We analyze and profile: The sender The sender\'s patterns The relationship of the sender and recipient based on past communication Those clues help identify suspicious senders and whether they are acting in a way that deviates from an established	Tool Threat Cloud		★★
	2023-09-22 05:00:22	Nébuleuse: une plate-forme ML de nouvelle génération Nebula: A Next-Gen ML Platform (lien direct)	Engineering Insights is an ongoing blog series that gives a behind-the-scenes look into the technical challenges, lessons and advances that help our customers protect people and defend data every day. Each post is a firsthand account by one of our engineers about the process that led up to a Proofpoint innovation.  Cyber threats are increasing in their frequency and sophistication. And for a cybersecurity firm like Proofpoint, staying ahead of threats requires us to deploy new machine learning (ML) models at an unprecedented pace. The complexity and sheer volume of these models can be overwhelming. In previous blog posts, we discussed our approach to ML with Proofpoint Aegis, our threat protection platform. In this blog, we look at Nebula, our next-generation ML platform. It is designed to provide a robust solution for the rapid development and deployment of ML models. The challenges We live and breathe supervised machine learning at Proofpoint. And we face active adversaries who attempt to bypass our systems. As such, we have a few unique considerations for our ML process: Speed of disruption. Attackers move fast, and that demands that we be agile in our response. Manual tracking of attacker patterns alone isn\'t feasible; automation is essential. Growing complexity. Threats are becoming more multifaceted. As they do, the number of ML models we need escalates. A consistent and scalable modeling infrastructure is vital. Real-time requirements. It is essential to block threats before they can reach their intended targets. To be effective on that front, our platform must meet unique latency needs and support optimized deployment options for real-time inference. In other ML settings, like processing medical radiographs, data is more stable, so model quality can be expected to perform consistently over time. In the cybersecurity setting, we can\'t make such assumptions. We must move fast to update our models as new cyber attacks arise. Below is a high-level overview of our supervised learning process and the five steps involved. A supervised learning workflow, showing steps 1-5. Data scientists want to optimize this process so they can bootstrap new projects with ease. But other stakeholders have a vested interest, too. For example: Project managers need to understand project timelines for new systems or changes to existing projects. Security teams prefer system reuse to minimize the complexity of security reviews and decrease the attack surface. Finance teams want to understand the cost of bringing new ML systems online. Proofpoint needed an ML platform to address the needs of various stakeholders. So, we built Nebula. The Nebula solution We broke the ML lifecycle into three components-modeling, training and inference. And we developed modular infrastructure for each part. While these parts work together seamlessly, engineering teams can also use each one independently. The three modules of the Nebula platform-modeling, training and inference. These components are infrastructure as code. So, they can be deployed in multiple environments for testing, and every team or project can spin up an isolated environment to segment data. Nebula is opinionated. It\'s “opinionated” because “common use cases” and “the right thing” are subjective and hence require an opinion on what qualifies as such. It offers easy paths to deploy common use cases with the ability to create new variants as needed. The platform makes it easy to do the right thing-and hard to do the wrong thing. The ML lifecycle: experimentation, training and inference Let\'s walk through the ML lifecycle at a high level. Data scientists develop ML systems in the modeling environment. This environment isn\'t just a clean room; it\'s an instantiation of the full ML lifecycle- experimentation, training and inference. Once a data scientist has a model they like, they can initiate the training and inference logic in the training environment. That environment\'s strict polici	Threat Medical Cloud		★★★
	2023-09-19 05:00:12	Pourquoi les données sur les soins de santé sont difficiles à protéger et quoi faire à ce sujet Why Healthcare Data Is Difficult to Protect-and What to Do About It (lien direct)	Hospitals, clinics, health insurance providers and biotech firms have long been targets for cyber criminals. They handle data like protected health information (PHI), intellectual property (IP), clinical trial data and payment card data, giving attackers many options to cash in. And as healthcare institutions embrace the cloud, remote work and telehealth, the risks of attacks on this data only increase. Besides outside attackers, insider risk is another concern in an industry where employees face high and sustained levels of stress. And then there\'s the increasing risk of ransomware. In the 2022 Internet Crime Report from the FBI\'s Internet Crime Complaint Center, healthcare was called out as the critical infrastructure industry hardest hit by ransomware attacks. In this blog, we\'ll take a look at some of the information protection challenges faced by the healthcare industry today. And we\'ll look at some solutions. Healthcare data breach costs Not only are data breaches in healthcare on the rise, but the costs for these breaches are high for this industry, too. IBM\'s Cost of a Data Breach Report 2023 says that the average cost of a healthcare data breach in the past year was $11 million. These costs can include: Ransoms paid Systems remediation Noncompliance fines Litigation Brand degradation There\'s a high cost in terms of disruptions to patient care as well. System downtime or compromised data integrity due to cyber attacks can put patients at risk. For example, when Prospect Medical Holdings faced a recent cyber attack, its hospitals had to shut down their IT networks to prevent the attack\'s spread. They also needed to revert to paper charts. The Rhysida ransomware gang claimed responsibility for that attack, where a wealth of data, including 500,000 Social Security numbers, patient files, and legal documents, was stolen. Information protection challenges in healthcare Healthcare firms face many challenges in protecting sensitive data. They include: Insider threats and electronic health record (EHR) snooping What are some insider threats that can lead to data breaches in healthcare? Here\'s a short list of examples: Employees might sneak a peek at the medical records of a famous patient and share the details with the media. Careless workers could click on phishing emails and open the door to data theft. Malicious insiders can sell patient data on the dark web. Departing employees can take valuable research data with them to help along own careers. A growing attack surface due to cloud adoption Most healthcare businesses are increasing their use of cloud services. This move is helping them to improve patient care by making information more accessible. But broad sharing of files in cloud-based collaboration platforms increases the risk of a healthcare data breach. It is a significant risk, too. Proofpoint threat intelligence shows that in 2022, 62% of all businesses were compromised via cloud account takeover. Data at risk across multiple data loss channels When EHRs are housed on-premises, patient records can still be accessed, shared and stored on remote endpoint and cloud-based collaboration and email systems. And as healthcare data travels across larger geographies, protecting it becomes much more of a challenge. How Proofpoint can help Our information protection platform, Proofpoint Sigma, provides unmatched visibility and control over sensitive data across email, cloud, web and endpoints. This unified platform allows healthcare businesses to manage data risk, while saving time and reducing operational costs. We can help protect your data from accidental disclosure, malicious attacks and insider risk. As the healthcare industry continues to adopt remote work and telehealth, there is one particular Proofpoint solution that stands out for its ability to help safeguard data. That\'s Proofpoint Insider Threat Management (ITM). It monitors user and data activity on endpoints. And it allows security teams to detect, investigate and respond to potential data l	Ransomware Data Breach Threat Medical Cloud		★★
	2023-09-18 05:00:09	Comment mieux sécuriser et protéger votre environnement Microsoft 365 How to Better Secure and Protect Your Microsoft 365 Environment (lien direct)	Microsoft 365 has become the de facto standard for email and collaboration for most global businesses. At the same time, email continues to be the most common attack vector for threat actors. And spam, phishing, malware, ransomware and business email compromise (BEC) attacks keep increasing in both their sophistication and impact. Verizon\'s 2023 Data Breach Investigations Report highlights the upward trend BEC attacks, noting that they have doubled over the past year and comprise 60% of social engineering incidents. While Microsoft 365 includes basic email hygiene capabilities with Exchange Online Protection (EOP), you need more capabilities to protect your business against these attacks. Microsoft offers Defender for Office 365 (MDO) as part of its security tool set to bolster security. And it\'s a good place to start, but it simply can\'t stop today\'s most sophisticated email threats. That\'s why analysts suggest you augment native Microsoft 365 security to protect against advanced threats, like BEC and payload-less attacks such as TOAD (telephone-oriented attack delivery). “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.” Source: 2023 Gartner Market Guide for Email Security The rise of cloud-based email security solutions Email threats are nothing new. For years now, secure email gateways (SEG) have been the go-to solution to stop them. They filter spam, phishing emails and malware before they can get to users\' inboxes. But with more businesses adopting cloud-based email platforms-particularly Microsoft 365-alternative email security solutions have appeared on the market. Gartner calls them integrated cloud email security (ICES); Forrester refers to them as cloud-native API-enabled email security (CAPES). These solutions leave the basic email hygiene and handling of email traffic to Microsoft. Then, they examine the emails that are allowed through. Essentially, they identify threats that have slipped past Microsoft\'s defenses. The main advantage of ICES and CAPES is their ease of deployment and evaluation. They simply require a set of permissions to the Microsoft 365 installation, and they can start detecting threats right away. It\'s easy to remove these solutions, too, making it simple and straightforward to evaluate them. Two deployment models: the good and the bad When you\'re augmenting Microsoft 365 email security, you have several options for deployment. There\'s the post-delivery, API-based approach, which is used by ICES and CAPEs. And there\'s the pre-delivery, MX-based approach used by SEGs. Post-delivery deployment (API-based model) In this scenario, Microsoft provides an API to allow third-party vendors to receive a notification when a new email is delivered to a user\'s mailbox. Then, they process the message with their platform. If a threat is found, it can be deleted or moved to a different folder, like quarantine or junk. However, this approach presents a risk. Because a message is initially delivered to the mailbox, a user still has a chance to click on it until the threat is retracted. Emails must be processed fast or hidden altogether while the solution scans the message for threats. Analyzing attachments for malware or running them through a sandbox is time-consuming, especially for large or complex attachments. There are also limits on how many alerts from Microsoft 365 that cloud-based email security solutions can receive. Pre-delivery deployment (MX-based model) This approach is useful for businesses that want to detect and prevent email threats before they reach their users\' inboxes. As the name suggests, email is processed before it is delivered to a user\'s inbox. To enable this model, an organization\'s DNS email exchange (MX) record must be configured to a mail server. The MX record indicates how email messages should be routed in	Ransomware Data Breach Malware Tool Threat Prediction Cloud		★★★
	2023-09-14 05:00:42	Maximiser les soins aux patients: sécuriser le cheval de travail des e-mails des portails de santé, des plateformes et des applications Maximizing Patient Care: Securing the Email Workhorse of Healthcare Portals, Platforms and Applications (lien direct)	In the modern healthcare industry, healthcare portals, platforms and applications serve as tireless workers. They operate around the clock, making sure that crucial information reaches patients and providers. At the heart of it all is email-an unsung hero that delivers appointment reminders, test results, progress updates and more. Healthcare portals, platforms and applications and many of the emails they send contain sensitive data. That means they are a top target for cyber criminals. And data breaches can be expensive for healthcare businesses. Research from IBM shows that the average cost of a healthcare data breach-$10.93 million-is the highest of any industry. In addition, IBM reports that since 2020 data breach costs have increased 53.3% for the industry. In this post, we explore how a Proofpoint solution-Secure Email Relay-can help healthcare institutions to safeguard patient information that is transmitted via these channels. Healthcare technology in use today First, let\'s look at some of the main types of healthcare portals, platforms and applications that are in use today. Patient portals. Patient portals have transformed the patient and provider relationship by placing medical information at patients\' fingertips. They are a gateway to access medical records, view test results and schedule appointments. And they offer patients a direct line to communicate with their healthcare team. The automated emails that patient portals send to patients help to streamline engagement. They provide useful information and updates that help people stay informed and feel more empowered. Electronic health record (EHR) systems. EHR applications have revolutionized how healthcare providers manage and share patient information with each other. These apps are digital repositories that hold detailed records of patients\' medical journeys-data that is used to make medical decisions. EHR apps send automated emails to enhance how providers collaborate on patient care. Providers receive appointment reminders, critical test results and other vital notifications through these systems. Health and wellness apps. For many people, health and wellness apps are trusted companions. These apps can help them track fitness goals, monitor their nutrition and access mental health support, to name a few services. Automated emails from these apps can act as virtual cheerleaders, too. They provide users with reminders, progress updates and the motivation to stick with their goals. Telemedicine platforms. Telemedicine platforms offer patients access to virtual medical consultations. They rely on seamless communication-and emails are key to that experience. Patients receive emails to remind them about appointments, get instructions on how to join virtual consultations, and more. The unseen protector: security in healthcare emails Healthcare providers need to safeguard patient information, and that includes when they rely on healthcare portals, platforms and applications to send emails to their patients. Proofpoint Secure Email Relay (SER) is a tool that can help them protect that data. SER is more than an email relay. It is a security-centric solution that can ensure sensitive data is only exchanged within a healthcare ecosystem. The solution is designed to consolidate and secure transactional emails that originate from various clinical and business apps. SER acts as a guardian. It helps to ensure that compromised third-party entities cannot exploit domains to send malicious emails-which is a go-to tactic for many attackers. Key features and benefits of Proofpoint SER Here are more details about what the SER solution includes. Closed system architecture Proofpoint SER features a closed-system approach. That means it permits only verified and trusted entities to use the email relay service. This stringent measure can lead to a drastic reduction in the risk associated with vulnerable or compromised email service providers. No more worrying about unauthorized users sending emails in your business\'s name. Enhanced security contro	Data Breach Tool Medical Cloud		★★

Last update at: 2024-07-29 23:18:37
See our sources.

To see everything: Our RSS (filtrered)