Security Roundup: Lumen Finds Router Botnet, Phishing Scam Undetected for 2 Years
Plus, Safe Security makes a big acquisition and another company gets some funding.
![Cybersecurity Roundup](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltf66ccc2a37ae45f4/6523eff1813f7d1a5f4ae5f0/Cybersecurity-Roundup.jpg?width=700&auto=webp&quality=80&disable=upscale)
Shutterstock
Lumen Technologies’ Black Lotus Labs, the company’s threat research arm, discovered a new strain of malware that compromises routers built for the small office/home office (SOHO).
Dubbed “AVrecon,” the malware has infiltrated more than 70,000 machines and gained “persistent hold” over 40,000 of them in 20 countries. Black Lotus Labs made the determination after a 28-day snapshot of AVrecon via visibility over Lumen’s global network.
“Our network visibility enables us to see threats other researchers cannot see, and once again we have discovered a new malware that targets SOHO routers,” said Michelle Lee, director of threat intelligence for Lumen Black Lotus Labs. “This time it went undetected for two years and grew to a staggering 40,000-strong botnet.”
Lumen is calling this one of the largest SOHO router-targeting botnets it has ever seen.
Partners, the company notes, can help their customers take the following precautions to protect themselves:
· Look for attacks on weak credentials and suspicious login attempts. Do this even when they originate from residential IP addresses.
· Keep in mind that malicious hackers can spawn a remote shell and deploy subsequent modules.
· Make sure to protect cloud assets from communicating with bots that are trying to perform password-spraying attacks. Begin blocking indicators of compromise (IoCs) with web application firewalls.
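The first and third precautions above come down to spotting password spraying from sources that look residential. The following is an added example (not Lumen's or Black Lotus Labs' code) that runs a simple spray detector over constructed sshd-style log lines; the log text, usernames and RFC 5737 documentation IPs are all made up for the illustration.

```python
"""Password-spray detection over constructed auth-log lines (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Source addresses are RFC 5737 documentation ranges,
# standing in for the residential ranges that compromised SOHO routers sit in.
SAMPLE_LOG = """\
2023-07-12T09:00:01Z sshd: Failed password for alice from 192.0.2.10
2023-07-12T09:00:05Z sshd: Failed password for bob from 192.0.2.10
2023-07-12T09:00:09Z sshd: Failed password for carol from 192.0.2.10
2023-07-12T09:00:13Z sshd: Failed password for dave from 192.0.2.10
2023-07-12T09:00:17Z sshd: Failed password for erin from 192.0.2.10
2023-07-12T09:00:20Z sshd: Failed password for alice from 198.51.100.7
2023-07-12T09:00:25Z sshd: Failed password for alice from 198.51.100.7
2023-07-12T09:00:30Z sshd: Failed password for alice from 198.51.100.7
2023-07-12T09:01:00Z sshd: Accepted password for frank from 203.0.113.4
"""

LINE_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse(log_text):
    """Yield (timestamp, outcome, user, source_ip) for each line that matches."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def find_sprayers(log_text, window=timedelta(minutes=10), min_users=4):
    """Return {source_ip: sorted usernames} for sources that failed against at
    least min_users distinct accounts inside one window. A spray is 'few tries
    per account, many accounts', so per-account lockout counters miss it.
    Residential ranges are deliberately not exempted: the point of the article
    is that a router botnet makes the attacker's traffic look residential."""
    failures = defaultdict(list)  # source_ip -> [(timestamp, user)]
    for ts, outcome, user, ip in parse(log_text):
        if outcome == "Failed":
            failures[ip].append((ts, user))
    flagged = {}
    for ip, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            users = {u for t, u in events[i:] if t - start <= window}
            if len(users) >= min_users:
                flagged[ip] = sorted(users)
                break
    return flagged
```

The second source in the sample hammers a single account and is left for ordinary lockout logic; only the many-accounts source is flagged.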
Security provider PrivacyHawk, which works with MSPs, just wrapped a $2.7 million funding round backed by no fewer than 10 investors.
PrivacyHawk, which claims to have pioneered the “new category of personal data protection,” offers a product that protects individuals’ data from falling into the wrong hands.
“Our personal data has emerged as one of the most valuable things about us,” said PrivacyHawk CEO and co-founder Aaron Mendes. “It also puts us each at enormous risk of fraud, identity theft, hacks, scams and spam. PrivacyHawk is building a future where people’s data can be automatically protected from falling into the wrong hands by reducing their digital footprints.”
PrivacyHawk plans to use the funds to support sales and marketing growth, as well as product development, “to protect personal data and reduce everyone’s risk of being targeted by fraud and cybercrimes.”
A new report from S&P Market Intelligence shows that only 43% of small and medium businesses (SMBs) have deployed privileged access management (PAM). That’s compared to other security technologies such as network, email and endpoint security — all are above 75% deployment.
Awareness could be one reason, but price is another. PAM products have typically been complex, difficult to use, and expensive to both deploy and maintain. Also, because they require dedicated staff to operate, SMBs have often shunned PAM.
However, the world of PAM is becoming more accessible via the cloud, as Keeper Security notes, making reference to the S&P Market Intelligence report. This creates an opening for partners.
“With the expansion of the attack surface due to remote and hybrid working, privileged access management is becoming increasingly critical. At the same time, the definition of a ‘privileged user’ needs to widen to address a broader range of employees – especially in small businesses, where access rights may be more pervasive,” said Darren Guccione, CEO and co-founder at Keeper Security. “However, SMB adoption of PAM is lagging due to traditionally high barriers of entry, which is making them low-hanging fruit for attackers. In order to bolster security, organizations should seek flexible, easy to use, cloud-based PAM solutions that are cost effective and offer a full stack of IAM capabilities.”
Safe Security is buying RiskLens, which is known for pioneering the cyber risk quantification standard — Factor Analysis of Information Risk (FAIR).
The companies say joining forces brings together the world’s most advanced cyber risk quantification and the most advanced AI-powered automated cyber risk management platform.
“We are at a critical inflection point in the market with new cyber risk management guidelines stemming from the White House and regulatory bodies, like the SEC. I am thrilled to welcome RiskLens, which has pioneered the FAIR model of cyber risk quantification and established a trusted standard for measuring cyber risk, supported by over 14,000 practitioners, representing 50% of Fortune 500 companies,” said Saket Modi, CEO and co-founder at Safe Security.
Safe Security says its channel program enables partners to “supercharge” their product and services revenue across deployment, integration, maintenance, project/program, and consulting engagements.
Bugcrowd’s new “Inside the Mind of a Hacker” report shows that nearly three in four hackers don’t think artificial intelligence will replace human creativity in security research and vulnerability management.
No surprise that generative AI is a major theme in the report. More than one-half (55%) of respondents in the survey said AI can already outperform hackers or will be able to in the next five years. That said, they aren’t worried about being replaced, as 72% believe generative AI won’t replicate their creativity.
Partners, take note: Customer awareness of the threat of a breach is paramount. The hackers surveyed say less than 10% of companies really understand their risk.
Go here for access to the full report.
HCA Healthcare, which runs a health care services network reaching 35 million medical customers each year, reported a breach impacting 11 million patients whose information was stolen.
Channel Futures’ sister site, Dark Reading, reported that the data was offered for sale on a dark web hacker forum, with great specificity: “Data is grouped by division into 17 files totaling to 27,700,000 rows. More data is included in the sale. HCA Healthcare have until the 10th to meet the demands.”
The bad actors didn’t mention the specific ransom demands on the website.
HCA Healthcare announced the attack on July 10, stating that patient names, contact info, birthdates and appointment details were among the stolen data.
A widespread phishing campaign in May targeted individuals and organizations in Mexico. Cybersecurity company Perception Point announced this week that the effort began as early as 2021.
The attack is known as “Manipulated Caiman.” It starts as a standard phishing scam with a fake tax receipt attached to the email. Downloading inadvertently brings malware onto one’s device.
Estimates are that 4,000 victims were defrauded of more than $55 million over the past two years.
Perception Point says the threat actor was able to be operational for so long because of the sophistication of the protections it had in place to subvert detection.
Managed cybersecurity and technology enablement provider High Wire Networks on Wednesday teased a July 17 event where it will introduce “the next generation of enterprise-class cybersecurity technology.”
The advanced technology, the company says, is the foundation for a new product that will “disrupt multiple, fast-growing industry segments,” from secure access service edge (SASE) and identity access management (IAM) to secure enterprise browser (SEB).
High Wire says its new solution combines multiple networking and network security services into a single element with a broad range of capabilities.
The new offering employs an identity-based approach to securing employee and third-party access to enterprise resources using virtually any web browser. It aims to provide powerful protection against phishing, viruses, ransomware, malware, malvertising, data leakage and data theft without the need to deploy physical firewalls, gateways or network monitoring software, the company said.
More details to come at the unveiling next week.
Threat actors don’t take a break, and neither does Channel Futures’ coverage of the week’s biggest cybersecurity news.
Our esteemed senior news editor and cybersecurity guru, Edward Gately, is on vacation, but the malicious hackers keep on hackin’. Therefore, we present a security roundup to keep you and your customers up to speed.
The team at Lumen’s Black Lotus Labs discovered a botnet wreaking havoc on routers. Connect to the internet from your small office or home office, and you could face some serious issues with “AVrecon” nosing its way into your network.
Then there’s a phishing attack that went unnoticed for – wait for it – two years. Our security roundup explains why it took so long to discover what would eventually cost financial customers millions of dollars.
Security Roundup: M&A, Research
There also was news on the security merger-and-acquisition front. Safe Security says it’s taking its business to the next level with the purchase of RiskLens. It brings together Safe’s cyber risk management with RiskLens’ cyber risk quantification platform.
And a pair of studies this week shed light on the impact of artificial intelligence on malicious hacking, and the increasing availability of privileged access management for SMBs.
All that and more in our security roundup, which you can access in the slideshow above.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Craig Galbraith or connect with him on LinkedIn.