Authentic8 Blog Category: News

85% of Infected Websites Are NOT Blacklisted

Website attacks increased by 59% in 2018, according to the 2019 Website Security Report [PDF] recently published by Scottsdale, AZ-based SiteLock, a provider of business website security solutions. Most of the attacks were automated, the company reports, with 330 bots staging on average 62 attacks per day.

So far, so not surprising - just wait, there’s more. Let’s look next at a significant aspect of the SiteLock findings. It illustrates how much the attackers behind such malware campaigns can rely on the inherent vulnerability of traditional browsers.

When someone visits an infected site, the regular browser dutifully executes the malicious code from the web on the local machine. From there, ransomware, spyware or cryptojackers can spread through the user’s corporate or home network. Game over.

“Not so fast,” you may object. “Our IT security team has many ways to prevent such exploits. AV/EPP/ATP, CASB, VPN, SWG/URL Filters…” Which brings up that other finding in the report

81% of CIOs and CISOs Defer Critical Updates or Patches

New research indicates that eight out of ten CIOs and CISOs refrain from adopting an important security update or patch, due to concerns about the impact it might have on business operations.

*

More than half (52%) said they have done so on more than one occasion. What about in your organization?

The Global Resilience Gap study, commissioned by security software firm Tanium, polled 500 CIOs and CISOs in the United States, United Kingdom, Germany, France and Japan, in companies with 1,000+ employees. Its goal was to explore the challenges and trade-offs that IT operations and security leaders face in protecting their business from a growing number of cyber threats and disruptions.

Infographic: CIOs/CISOs Holding Off on Patches and Updates (Source: Tanium Report)

Source: Tanium

The Problem: “Lack of Visibility and Control”

The report identifies “[l]ack of visibility and control across networks” as the main cause behind such missed or delayed updates.

80% of respondents reported they found out that a critical update or patch they thought had been deployed had not

Meet Frankie Keyes, the Most Trusted Expert in Cybersecurity

Frankie… who? No April Fool’s joke: Francis (“Frankie”) Archibald Keyes, Esquire, a fictitious figure you likely have never heard of, enjoys significantly higher trust among IT professionals than most real-life cybersecurity vendors or experts, according to new survey results from this year’s RSA Conference in San Francisco.

Of those surveyed in our Cybersecurity Approval Poll at RSA, a total of 88% stated that they trusted the made-up Mr. Keyes “much more”, “slightly more” or “about the same” as “other cybersecurity vendors and experts.”

If these results don’t instill much confidence in the industry’s ability to protect its customers from data breaches, malware attacks, and online election meddling, that is the whole point.

Frankie Keyes, a self-proclaimed Mr. Fix-it played by a professional actor, served as the face of F.A.K.E. Security, a make-believe company (website, Twitter handle and all) made up by Authentic8.

Fake Security, Real Survey

F.A.K.E. Security had its own booth

Why You Should Be Fed Up With the Cycle of FUD

The upcoming election has created the perfect opportunity for the $100 billion cybersecurity industry to throw some fear, uncertainty and doubt — colloquially known as “FUD” — into the daily conversation.

Vendors see this as an opportunity to double down on their marketing to help congressional offices “defend democracy.” But they’re selling the same solutions that got these offices in trouble in the first place. Isn’t it time to try a different approach?

It’s important to understand that unlike other branches of government, each congressional office is responsible for their own security when it comes to their IT infrastructure. In many instances, offices outsource management of their systems to contracting agencies, which contributes to the problem.

Additionally, congressional offices and political parties were targets long before the industry took notice. Party staff are juicy targets for social engineering, phishing, and other forms of targeted attacks from APT groups. Stealing the data they’re holding can be a windfall for political adversaries

10 Top Tools for Threat Hunters from Black Hat USA 2018

You weren't able to make it to Las Vegas this year? Check out these ten short reviews of useful tools for threat intelligence researchers and threat hunters presented at Black Hat USA 2018:

Xori: Automated Disassembly

Black Hat USA 2018: 10 Top Tools - Xori

Malware disassembly can be quite tedious, even with a bells-and-whistles IDA Pro license. If only there was a way to automate all of it. That’s where Xori comes in.

Amanda Rousseau and Rich Seymour created a new automated disassembly platform that’s not only free, but fast. Reverse engineers often come across dozens of sample variants from the same family of malware. Having the ability to dissect all the assembly code and tell the results apart, automated and at a fast pace is something need in their arsenal of tools.

There are two modes in Xori, light and full emulation. Light emulation enumerates all the paths in CPU registers, the stack, and you’ll see some instructions. Full emulation follows the code’s path (shows