Endpoint Detection Net Solution Raises the Lateral Movement Detection Bar, Detecting the Techniques that Other Security Controls Miss … Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, introduced today new capabilities to its Endpoint Detection Net (EDN) solution that prevent attackers from fingerprinting an endpoint to identify security weaknesses …
Job No. 1 for any provider of security services is to keep bad guys out of customer environments. When those efforts fail—and they will eventually, no matter how good you are—Job No. 2 is spotting the breach and mitigating its effects. That’s where Attivo Networks aims to help. In a new spin on the threat detection and response products businesses increasingly use to undo the effects of successful attacks, Attivo makes a threat deception and response solution that employs various kinds of decoys and lures to fool intruders into exposing their presence inside the firewall. Preassembled incident response processes can then kick in to implement automated, orchestrated remediation measures. The system is designed to be easy enough for small businesses to deploy and operate, and it’s priced to fit SMB budgets as well.
Deception plays an essential role in any game of strategy, providing an opportunity to trick the opponent into exposing their weaknesses and leaving themselves vulnerable. Given its successes, the application of deceptive techniques has been a mainstay of military tactics, sports playbooks, and gambling for millennia. From tricking a unit of horsemen into overextending their charge to diverting a bomber squadron away from genuine targets, well-placed decoys have delivered powerful results in both offence and defence. Decoys, when paired with lures, can be indispensable in fooling an adversary into engaging or in misdirecting and slowing down their efforts.
Unlike other security solutions, Attivo focuses on detecting the threats that have bypassed perimeter security controls, which all determined attackers eventually do. Highly authentic deception traps, along with data, application, and credential lures, are deployed to attract an attacker into engaging and revealing their presence. Detection is quick and efficient: customers have cited being able to detect and respond to threats in 15 minutes, a dramatic difference compared to the 100+ days of dwell time that many organizations contend with. The solution also adds continuous detection value throughout the phases of the kill chain.
Attivo Networks announced industry validations that its deception technology effectively fools attackers. Validating deception’s ability to serve as a reliable security control for closing in-network detection gaps, the company has released results of a penetration test conducted by a top computer forensics company that specializes in penetration testing, announced the ThreatInject simulation tool for testing deception resiliency, and is embedding deception into the ISSA International Conference Capture the Flag (CTF) event. By creating an authentic synthetic network based on deception, organizations shift the asymmetry against attackers by placing high-interaction traps and lures that efficiently reveal an attacker’s presence.
“Ovidiy,” a recently discovered credential-stealing malware that primarily targets browsers, is being marketed mainly to Russian speakers at the very affordable price of approximately $7-$13 (or 450-750 rubles) per individual build.
In a Thursday blog post detailing the malware, Proofpoint said that Ovidiy has been under “constant development” since its researchers first observed it in June. The customizable credentials stealer is sold in individual modules, each one built to target a different application, including FileZilla, Google Chrome, Kometa, Amigo, Torch, Orbitum, and Opera.
Attivo announces Camouflage, the next generation in deception technology with a solution that uses self-learning to automatically alter itself, constantly generating fresh bait for attackers. Attivo Camouflage uses Dynamic Behavioral Deception to generate lures and decoys that are identical to real assets while continually evolving and scaling alongside the real computing environments it is protecting.
A hacker is selling stolen credentials that purportedly give access to servers of the US Navy, Centers for Disease Control, US Postal Service, and other US government sites.
Listings for the accounts were found recently by Tech Insider on a dark web marketplace called The Real Deal, a popular site many cyber criminals use for buying and selling everything from illegal drugs to zero-day software exploits. It’s unclear when the postings were made, since the site offers no dates for when sellers create their listings.
A few weeks ago, Tumblr notified users of a data breach that resulted in the theft of user email addresses and hashed passwords. The company did not say how many accounts were affected, but someone recently put the data up for sale, and the number is 65 million records.
The data is being sold on a Tor dark market website called TheRealDeal by a user named peace_of_mind who also sold 167 million user records stolen from LinkedIn. Recently he also posted offers for 360 million accounts allegedly stolen from MySpace and 40 million from adult dating website Fling.com.
According to Tumblr’s security note on May 12, attackers obtained user email addresses with salted and hashed passwords in early 2013, before the company was acquired by Yahoo.
A new botnet has been discovered that collects account credentials from users on popular sites and then tries the logins it has acquired on bank login pages.
This new tactic is quite clever in the way that it is able to avoid setting off botnet detection and the rate-limiters that most modern banks have in place. These same security measures are generally not present on the rest of the web, which allows the botnet to collect passwords and prey on users guilty of password re-use.
It also has a high rate of possible success, since anywhere from 15 to 60 per cent of users re-use their passwords across multiple sites for the sake of convenience. Many users also select easy-to-remember passwords that are often re-used, as opposed to complex and unique passwords. Password lockers are also often overlooked by the average internet user.