Cybersecurity Roundup: New Alert Warns of Increased Russia Cyber Crime Coming
Devo Technology has acquired Kognos, and Authomize and Ping Identity have teamed up.
Casey Ellis is Bugcrowd’s founder and CTO. He said the alert reinforces the countries’ position that malicious cyber activity emanating from Russia is, in general, a clear and present danger to democratic countries.
“Since the start of this conflict, I’ve held the position that direct cyber-borne aggression emanating from Putin’s office is unlikely, given Russia’s own vulnerability to retaliatory cyber response, as well as the unpredictable escalation pathways to nuclear conflict that exist,” he said. “Those who sympathize with Russian interests, on the other hand, are not necessarily bound by these rules, so they represent the active and likely threat at the moment.”
This alert acknowledges the “somewhat blurry lines” between state-sponsored and state-sanctioned offensive activity emanating from Russia, Ellis said. Moreover, it directly calls out the concept of “friends of Putin” as a threat “we’re most likely to encounter.”
Dave Cundiff is Cyvatar’s vice president of member delivery.
“Russian cyberattacks are always opportunistic,” he said. “The teams of attackers find times of geopolitical unrest to leverage baseline attacks while focus is directed elsewhere. However, Russian attacks never stop, especially against what they see as their largest competition for influence within the world. As such, the United States is constantly under attack from Russian state-sponsored groups. Even if it is not apparent, they are specifically directed by the Russian government.”
Organizations should always focus on the basic foundations of cybersecurity: vulnerability and patch management, multifactor authentication (MFA) methods, and reduced or significantly controlled device access methods, Cundiff said.
“Organizations should also make sure they are reviewing their supply chains as well, due to the ability of attackers to pivot from a downstream vendor into a more robust target,” he said.
Rick Holland is CISO and vice president of strategy at Digital Shadows. He said this alert is more of a primer and a level-set versus breaking new information on Russian cyber operations.
“The alert does provide an excellent overview of the wide range of government, military and Russian aligned threat groups,” he said. “This information will benefit less-mature organizations that haven’t historically tracked these threat groups. Defenders can refer to the threat actors’ tactics, techniques and procedures (TTPs), and mitigations to better inform their detection and response activities. Defenders shouldn’t let down their guard. Evolving intelligence has been evolving for a month now. Just because we haven’t observed Russian attacks against U.S. interests doesn’t mean they haven’t or won’t occur.”
Devo Technology has acquired Kognos, an autonomous threat hunting provider, to build what it calls an autonomous security operations center (SOC).
Devo collects data from across the entire attack surface. It then provides analytics and detections that feed directly into the Kognos artificial intelligence (AI) engine. Data analysts use and apply AI to automatically triage and investigate alerts and create attack stories. That’s a key component of the autonomous SOC.
The combination automates key aspects of the threat life cycle, including detection, triage, investigation and hunting, Devo said. That eliminates repetitive manual tasks that lead to analyst burnout and SOC inefficiency.
Financial terms were not disclosed. Kognos CEO Rakesh Nair will join Devo as vice president of engineering.
Gary Pelczar is Devo’s vice president of global alliance.
“Devo partners are able to sell Kognos and will be able to deliver to clients a next-generation solution that forms the foundation of the autonomous SOC — complete visibility, automation, analytics and open access to community expertise and content that gives customers unprecedented optimization of their security teams and maximizes their security investments,” he said. “Kognos brings exciting new capabilities to the Devo platform, allowing threat hunters to do machine-assisted hunting. Instead of drowning in data, and manually investigating tipoffs and alerts, analysts execute machine-assisted threat hunting with Kognos, which automatically delivers a blueprint of the full threat story as a starting point for analysts. These capabilities will allow our partners to tout the reduction of manual tasks and drive automation and efficiency in the SOC.”
MSPs in particular will gain a competitive advantage, as the addition of Kognos will increase their efficiency and decrease operational costs in delivering their service, Pelczar said.
Authomize and Ping Identity have partnered to create an end-to-end solution for managing customers’ enterprise identity access and authorization security.
Ping Identity allows customers to digitize, manage and control their enterprise’s access, providing control and trust for partner, customer and employee identities.
Building on Ping Identity’s authentication services, Authomize provides the next step in the chain. It enables Ping Identity’s customers to manage their access privileges on a granular level across all their apps and cloud services (IaaS, SaaS, data) with authorization (authZ) solutions.
Ariel Cohen is Authomize’s chief business officer.
“We are excited to launch this next latest step in growing our Authomize Together partnership outreach,” he said. “Authomize is the first solution provider to provide true cross-stack observability and control over access privileges. By establishing our multipronged engagement with Ping Identity, we are hopeful it will be even easier for customers to benefit from stronger, continuous access security controls.”
Loren Russon is Ping Identity’s vice president of product management and design.
“The partnership with Authomize extends the breadth of our security offerings, helping customers deliver a seamless and frictionless user experience,” he said. “Authomize is a leader in providing breadth of coverage and automation for securely managing access privileges. With our partnership, customers will be able to experience a seamless integrated solution that is easy to deploy and manage.”
As if anybody needs to say this: It’s a great time to be in cybersecurity. Why? The global cybersecurity market should exceed $500 billion by 2030. That’s up from about $185 billion last year.
That’s according to a new report by Grand View Research. It expects a compound annual growth rate (CAGR) of 12% through 2030.
Key players include Cisco, Palo Alto Networks, McAfee (now Trellix), Broadcom, Trend Micro, CrowdStrike and Check Point Software Technologies.
The increase in cyberattacks during the pandemic kept demand for cybersecurity solutions upbeat in 2020. The trend is expected to continue post-pandemic and through the forecast period as several firms adopt hybrid working and BYOD trends, resulting in an increase in the number of endpoint devices and anonymous network access.
The introduction of advanced cybersecurity solutions, the increasing cost of data breaches, emerging enterprise mobility trends and stringent government regulations are some of the factors expected to drive market growth.
The evolving cyber threat landscape requires sophisticated cybersecurity solutions that facilitate real-time threat detection and response while also helping in cutting down data breach costs. Further, several governments globally have introduced data protection laws, compelling end-user organizations to deploy cybersecurity solutions to safeguard consumer data.
The market is anticipated to face challenges related to a lack of skilled IT workforce and the use of unlicensed cybersecurity software, which is expected to hamper market growth. The high cost of cybersecurity solutions compels many SMEs to deploy unlicensed solutions, which do offer protection, but are largely ineffective against new threats and are often accompanied by trojans, viruses, worms, adware and spyware. That may put the organizations’ security at risk.
Further, cybersecurity vendors are engaged in developing advanced cybersecurity solutions with machine learning (ML) and AI technologies. However, several organizations face an acute shortage of skilled workers to keep up with cybersecurity trends and deploy cutting-edge solutions.
The managed services segment is expected to attain the highest CAGR due to the increasing number of organizations outsourcing IT security services such as consultation, implementation and maintenance.
A new joint advisory warns of potential increased malicious cyber activity from Russian state-sponsored cyber actors or Russia-aligned cyber crime groups.
The cybersecurity authorities of the United States, Australia, Canada, New Zealand and the United Kingdom issued the advisory. Organizations within and beyond the region could be at risk of Russia cyber crime.
This activity may occur in response to the unprecedented economic costs imposed on Russia, as well as material support provided by the United States and its allies and partners. The alert warns network defenders to prepare for potential malicious activity.
Recent Russian state-sponsored cyber operations have included distributed denial of service (DDoS) attacks. In addition, older operations have included deployment of destructive malware against Ukrainian government and critical infrastructure organizations.
“Evolving intelligence indicates that the Russian government is exploring options for potential cyberattacks,” the alert said. “Additionally, some cybercrime groups have recently publicly pledged support for the Russian government. These Russian-aligned cybercrime groups have threatened to conduct cyber operations in retaliation for perceived cyber offensives against the Russian government or the Russian people.”
Some groups have also threatened to conduct cyber operations against countries and organizations providing material support to Ukraine. Other cybercrime groups have recently conducted disruptive attacks against Ukrainian websites, likely in support of the Russian military offensive.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.