For many years, healthcare records have been extremely valuable to the criminal world. In 2014, it was reported that healthcare records were 10x more valuable than standard financial data, as the opportunity for identity theft and medical fraud utilizing those stolen records was much higher. Despite a fairly steady drop in the black-market prices of medical records since then, they are still a high-value hacking target, with reported incidents still coming in. The drop in value has precipitated an increase in ransomware, which encrypts target files and asks owners for a sum of money for the encryption key. For the attacker, this has the advantage of not having to remove files or figure out how to sell them afterwards.
The end of 2016 saw the return of a familiar attack campaign that wipes the disk of any infected computer. Dubbed Shamoon 2, it appears to be related to the 2012 Shamoon campaign that targeted an organization in Saudi Arabia and made use of a disk wiper called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to destroy data and to render infected systems unusable. The attack four years ago resulted in 30,000 or more systems being damaged at oil company Saudi Aramco. Shamoon 2 was scheduled to execute its wiping activities on November 17, 2016. No one has identified the threat actors behind either the original attack campaign or this new one, but they appear to have targeted a second Saudi Arabian organization, with the payload set to execute on November 29, 2016. This new campaign targeted the labor ministry and a chemicals firm. Luckily for the organizations, the malware was discovered and defused before the scheduled execution dates. There is no information as to how the malware was delivered to the targeted organizations, but it is likely that the threat actors performed reconnaissance on the target networks during a previous intrusion to map the networks and identify systems to deliver the malicious payload to.
While the year is only a few weeks old, Attivo Networks is starting 2017 off with several new achievements. Since the beginning of the year, we have announced an exciting new partnership with Check Point Software, released the results of our survey highlighting a dramatic shift in security budgets from prevention to detection, and have received another new award in recognition of Attivo technology innovation.
This past week, Attivo announced its win of the 2016 One Planet℠ Business and Professional Excellence Awards. The company’s ThreatMatrix Deception and Response Platform won silver in the Most Innovative Product of the Year category.
The Attivo Networks deception platform has been integrated with the Check Point R80 management platform. The integration combines prevention, advanced threat detection, and incident response capabilities into a collective defense solution capable of automatically identifying and blocking infected systems to prevent exfiltration of valuable company data and other malicious activities.
Attivo announced today that the company has joined the Aruba, a Hewlett Packard Enterprise company, ClearPass Exchange Partner program for the integration of its ThreatMatrix™ Deception Platform and the Aruba ClearPass Policy Management solution. The integration brings together advanced threat detection and policy-based remediation capabilities into a comprehensive solution that provides early threat visibility, attack analysis, and the automatic quarantine of infected systems to prevent the lateral spread of malware and exfiltration of data.
Juniper Networks has selected Attivo Networks for its 2016 list of 20 most promising network solution providers. The list, which has been featured in the special annual edition of the CIOReview Magazine, recognizes the best-of-breed vendors with innovative products and solutions from the Juniper Networks ecosystem. The solution providers list serves as a valuable resource for IT professionals seeking to include cutting-edge technology as part of their security portfolio.
Attivo Networks®, the award-winning leader in deception for cyber security threat detection, announced today that it has been named a Platinum Award winner in American Security Today’s (AST) 2016 “ASTORS” Homeland Security Awards. The award program recognized the company’s ThreatMatrix Deception and Response Platform as a premier example of outstanding product development as well as one of the notable emerging technologies addressing the growing homeland security threats the nation is facing.
Integration between detection and prevention solutions is key to providing the critical infrastructure required for continuous response and protection against cyber attackers. The average dwell time of an attacker currently stands at 201 days, which is then compounded by another 70 days to contain the breach once it has been identified.
Attivo Networks and Carbon Black are partnering to provide customers with a powerful integrated solution for advanced continuous threat management and response. Integrating these solutions empowers organizations to reduce time-to-detection and the time required to respond to incidents, ultimately reducing the attacker’s ability to complete their mission.
The integrated solution combines the Attivo ThreatMatrix™ Deception and Response Platform with Carbon Black Response for early detection of in-network threats, automated response actions based on deception server engagement, and the ability to query Cb Response for additional forensic artifacts on other infected systems. The integrated solution provides organizations an advanced level of visibility and improves overall threat management operations by simplifying information sharing and automating incident response actions.