Bitdefender launched a new cloud-based dedicated Endpoint Detection and Response (EDR) solution designed to help enterprise customers and Managed Service Providers (MSPs) improve the ability to detect and eradicate threats as they occur and strengthen overall resiliency against cyberattacks.
The new EDR package is resource-light and fully cloud-delivered for easy deployment and management and runs alongside third-party prevention technologies. Unique in the EDR space, it combines endpoint telemetry and human risk analytics with the advanced threat detection capabilities that have made Bitdefender a recognized endpoint security leader.
The detection capabilities enable quick visibility into vulnerable systems on premise or in cloud environments, and offer one-click actions to mitigate risks including quarantining files, blocking IP addresses and killing processes.
“Businesses and MSPs struggle to keep pace with an onslaught of attacks as cybercriminals work diligently to capitalize on the industry’s shift to less secure remote work environments for the foreseeable future,” said Gavin Hill, vice president product marketing at Bitdefender.
“The new Bitdefender EDR package delivers best-in-class attack visibility and effective response, backed by threat intelligence from Bitdefender Labs, to help organizations navigate these riskier, uncertain times and protect their most valuable assets.”
“Bitdefender EDR helps us increase our resilience against cyber-attacks by making detection more accurate with increased visibility into what’s happening at the endpoint.
Additionally, Bitdefender EDR helps us decide how to respond—whether we block suspicious files or processes, or isolate an endpoint,” said Geraint Treharne, head of information security and compliance, Creditsafe.
Along with the new launch of Bitdefender EDR, Bitdefender has strengthened the GravityZone platform that underpins its business solutions portfolio.
Key features include:
- New GravityZone executive dashboard that displays key information in an easy-to-use, consolidated graphical representation covering threat detections and automatic actions taken, as well as the current endpoint inventory.
- Enhanced integration with SIEMs by enabling the forwarding of raw and/or system events from protected endpoints. The new feature, available for both cloud and on-premises deployments, lets customers search through raw endpoint data with the help of a SIEM. This complements the search capability embedded in the EDR product.
- Ransomware mitigation is now also available for MSPs and customers using the GravityZone cloud-based console, providing the ability to restore encrypted files from tamper-proof copies following a ransomware attack.
71% of CISOs believe cyberwarfare is a threat to their organization, and yet 22% admit to not having a strategy in place to mitigate this risk. This is especially alarming during a period of unprecedented global disruption, as 50% of infosec professionals agree that the increase of cyberwarfare will be detrimental to the economy in the next 12 months.
CISOs and infosec professionals however are shoring up their defenses — with 51% and 48% respectively stating that they believe they will need a strategy against cyberwarfare in the next 12-18 months.
These findings, and more, are revealed in Bitdefender’s global 10 in 10 Study, which highlights how, in the next 10 years, cybersecurity success lies in the adaptability of security decision makers, while simultaneously looking back into the last decade to see if valuable lessons have already been learnt about the need to make tangible changes in areas such as diversity.
It explores, in detail, the gap between how security decision makers and infosec professionals view the current security landscape and reveals the changes they know they will need to make in the upcoming months and years of the 2020s.
The study takes into account the views and opinions of more than 6,724 infosec professionals representing a broad cross-section of organizations from small 101+ employee businesses to publicly listed 10,000+ person enterprises in a wide variety of industries, including technology, finance, healthcare and government.
The rise and fall (and rise again) of ransomware
Outside of the rise of cyberwarfare threats, an old threat is rearing its head — ransomware. During the disruption of 2020, ransomware has surged with as much as 43% of infosec professionals reporting that they are seeing a rise in ransomware attacks.
What’s more concerning is that 70% of CISOs/CIOs and 63% of infosec professionals expect to see an increase in ransomware attacks in the next 12-18 months. This is of particular interest as 49% of CISOs/CIOs and 42% of infosec professionals are worried that a ransomware attack could wipe out the business in the next 12-18 months if they don’t increase investment in security.
But what is driving the rise in ransomware attacks? Some suggest it’s because more people are working from home — which makes them an easier target outside of the corporate firewall. The truth might however be tied to money.
59% of CISOs/CIOs and 50% of infosec professionals believe that the business they work for would pay the ransom in order to prevent its data/information from being published — making ransomware a potential cash cow.
A step change in communication is in high demand
Cyberwarfare and ransomware are complex topics to unpack, amongst many others in infosec. The inherent complexity of infosec topics does however make it hard to gain internal investment and support for projects. This is why infosec professionals believe a change is needed.
In fact, 51% of infosec professionals agree that in order to increase investment in cybersecurity, the way that they communicate about security has to change dramatically. This number jumps up to 55% amongst CISOs and CIOs — many of whom have a seat at the most senior decision-making table in their organizations.
The question is, what changes need to be made? 41% of infosec professionals believe that in the future more communication with the wider public and customers is needed so everyone, both in an organization and outside, better understands the risks.
In addition, 38% point out that there is a need for the facilitation of better communication with the C-suite, especially when it comes to understanding the wider business risks.
And last, but not least, as much as 31% of infosec professionals believe using less technical language would help the industry communicate better, so that the whole organization could understand the risks and how to stay protected.
“The reason that 63% of infosec professionals believe that cyberwarfare is a threat to their organization is easy,” said Neeraj Suri, Distinguished Professorship and Chair in Cybersecurity at Lancaster University.
“Dependency on technology is at an all-time high and if someone was to take out the WiFi in a home or office, no one would be able to do anything. This dependency wasn’t there a few years back–it wasn’t even as high a few months back.
“This high dependency on technology doesn’t just open the door for ransomware or IoT threats on an individual level, but also to cyberwarfare which can be so catastrophic it can ruin economies.
“The reason that nearly a quarter of infosec pros don’t currently have a strategy to protect against cyberwarfare is likely because of complacency. Since they haven’t suffered an attack or haven’t seen, on a wide scale, the damage that can be done, they haven’t invested the time in protecting against it.”
Diversity, and specifically neurodiversity, is key to future success
Outside of the drastic changes that are needed in the way cybersecurity professionals communicate, there’s also a need to make a change within the very makeup of the workforce. The infosec industry as a whole has long suffered from a skills shortage, and this looks to remain an ongoing and increasingly obvious issue.
15% of infosec professionals believe that the biggest development in cybersecurity over the next 12-18 months will be the skills gap increasing. If the skills deficit continues for another five years, 28% of CISOs and CIOs say they believe that it will destroy businesses.
And another 50% of infosec professionals believe that the skills gap will be seriously disruptive if it continues for the next 5 years.
Today, however, it will take more than just recruiting skilled workers to make a positive change and protect organizations. In 2015, 52% of infosec workers would have agreed that there is a lack of diversity in cybersecurity and that it’s a concern.
Five years later, in 2020, this remains exactly the same — and that is a significant problem as 40% of CISOs/CIOs and infosec professionals say that the cybersecurity industry should reflect the society around it to be effective.
What’s more, 76% of CISOs/CIOs, and 72% of infosec professionals, believe that there is a need for a more diverse skill set among those tackling cybersecurity tasks. This is because 38% of infosec professionals say that neurodiversity will make cybersecurity defenses stronger, and 33% revealed a more neurodiverse workforce will level the playing field against bad actors.
While it’s clear that the cybersecurity skills gap is here to stay, it’s also clear why changes need to be made to the makeup of the industry.
Liviu Arsene, Global Cybersecurity Researcher at Bitdefender concludes, “2020 has been a year of change, not only for the world at large, but for the security industry. The security landscape is rapidly evolving as it tries to adapt to the new normal, from distributed workforces to new threats. Amongst the new threats is cyberwarfare.
“It’s of great concern to businesses and the economy — and yet not everyone is prepared for it. At the same time, infosec professionals have had to keep up with new threats from an old source, ransomware, that can affect companies’ bottom lines if not handled carefully.
“The one thing we know is that the security landscape will continue to evolve. Changes will happen, but we can now make sure they happen for better and not for worse. To succeed in the new security landscape, the way we as an industry talk about security has to become more accessible to a wider audience to gain support and investment from within the business.
“In addition, we have to start thinking about plugging the skills gap in a different way — we have to focus on diversity, and specifically neurodiversity, if we are to stand our ground and ultimately defeat bad actors.”
As the professional world moves increasingly online, Bitdefender announces the global launch of Bitdefender Digital Identity Protection, the service that lets freelancers, self-employed, consultants and even private individuals control their online reputation.
Digital Identity Protection taps the award-winning security technology of Bitdefender, perfected over two decades of service in the fight against cybercrime, to let individuals stay ahead of the growing legions of data thieves and fraudsters who use personal information to damage reputations, take over accounts or steal money, leaving victims on the hook.
Users can receive a full picture of their online footprint to see how clients might see them and, alternatively, how criminals might size them up: what elements of their personal data have ever been exposed, any indiscretions still haunting them years later, and how complete a picture of the individual a stranger can collate from their online activity.
Then, the user gets instant alerts to any new data breaches on the internet that could affect them, even scouring the hidden corners of the Dark Web where threats lurk beyond the reach of the law.
Constant monitoring lets users always stay a step ahead of identity thieves who could impersonate them, damage their professional reputation or use their identity to steal their money.
Bitdefender Digital Identity Protection shows all the sources where a person’s name, phone number, physical email address, jobs, education, photos and URLs are linked to their identity. They can visualize all information publicly exposed over the years – data that can affect an online reputation.
“With the COVID-19 pandemic, people’s online identities are becoming more important than ever, and that has been a major source of vulnerability in the past for freelancers and others who rely on their reputation, as well as for private individuals trying to steer clear of fraud,” said Ciprian Istrate, Bitdefender’s Vice President for Consumer Solutions.
“Digital Identity Protection finally brings a professional-quality approach to safeguarding your most valuable asset – your reputation.”
The percentage of companies admitting to suffering a mobile-related compromise has grown, despite a higher percentage of organizations deciding not to sacrifice the security of mobile devices to meet business targets.
To make things worse, the C-suite is the most likely group within an organization to ask for relaxed mobile security protocols – despite also being highly targeted by cyberattacks.
In order to select a suitable mobile security solution for your business, you need to consider a lot of factors. We’ve talked to several industry professionals to get their insight on the topic.
Liviu Arsene, Global Cybersecurity Analyst, Bitdefender
A business mobile security solution needs to have a clear set of minimum abilities or features for securing devices and the information stored on them, and for enabling IT and security teams to remotely manage them easily.
For example, a mobile security solution for business needs to have excellent malware detection capabilities, as revealed by third-party independent testing organizations, with very few false positives, a high detection rate, and minimum performance impact on the device. It needs to allow IT and security teams to remotely manage the device by enabling policies such as device encryption, remote wipe, application whitelisting/blacklisting, and online content control.
These are key aspects for a business mobile security solution as it both allows employees to stay safe from online and physical threats, and enables IT and security teams to better control, manage, and secure devices remotely in order to minimize any risk associated with a compromised device. The mobile security solution should also be platform agnostic, easily deployable on any mobile OS, centrally managed, and allow users to switch from profiles covering connectivity and encryption (VPN) settings based on the services the user needs.
Fennel Aurora, Security Adviser at F-Secure
Making any choice of this kind starts from asking the right questions. What is your company’s threat model? What are your IT and security management capabilities? What do you already know today about your existing IT, shadow IT, and employees’ bring-your-own-devices?
If you are currently doing nothing and have little IT resources internally, you will not have the same requirements as a global corporation with whole departments handling this. As a farming supplies company, you will not face the same threats, and so have the same requirements, as an aeronautics company working on defense contracts.
In reality, even the biggest companies do not systematically do all of the 3 most basic steps. Firstly, you need to inventory your devices and IT, and be sure that the inventory is complete and up-to-date as you can’t protect what you don’t know about. You also need at minimum to protect your employees’ devices against basic phishing attacks, which means using some kind of AV with browsing protection. You need to be able to deploy and update this easily via a central tool. A good mobile AV product will also protect your devices against ransomware and banking trojans via behavioral detection.
Finally, you need to help people use better passwords, which means helping them install and start using a password manager on all their devices. It also means helping them get started with multi-factor authentication.
Jon Clay, Director of Global Threat Communications, Trend Micro
Many businesses secure their PCs and servers from malicious code and cyber attacks as they know these devices are predominately what malicious actors will target. However, we are increasingly seeing threat actors target mobile devices, whether to install ransomware for quick profit, or to steal sensitive data to sell in the underground markets. This means that organizations can no longer choose to forego including security on mobile devices – but there are a few challenges:
- Most mobile devices are owned by the employee
- Most of the data on the mobile device is likely to be personal to the owner
- There are many different device manufacturers and, as such, difficulties in maintaining support
- Employees access corporate data on their personal devices regularly
Here are a few key things that organizations should consider when looking to select a mobile security solution:
- Lost devices are one reason for lost data. Requiring users to encrypt their phones using a passcode or biometric option will help mitigate this risk.
- Malicious actors are looking for vulnerabilities in mobile devices to exploit, making regular update installs for OS and applications extremely important.
- Installing a security application can help with overall security of the device and protect against malicious attacks, including malicious apps that might already be installed on the device.
- Consider using some type of remote management to help monitor policy violations. Alerts can also help organizations track activities and attacks.
Discuss these items with your prospective vendors to ensure they can provide coverage and protection for your employees’ devices. Check their research output to see if they understand and regularly identify new tactics and threats used by malicious actors in the mobile space. Ensure their offering can cover the tips listed above and if they can help you with more than just mobile.
Jake Moore, Cybersecurity Specialist, ESET
Companies need to understand that their data is effectively insecure when their devices are not properly managed. Employees will tend to use their company-supplied devices in personal time and vice versa.
This unintentionally compromises private corporate data, due to activities like storing documents in unsecure locations on their personal devices or online storage. Moreover, unmanaged functions like voice recognition also contribute to organizational risk by letting someone bypass the lock screen to send emails or access sensitive information – and many mobile security solutions are not foolproof. People will always find workarounds, which for many is the most significant problem.
In order to select the best mobile security solution for your business you need to find a happy balance between security and speed of business. These two issues rarely go hand in hand.
As a security professional, I want protection and security to be at the forefront of everyone’s mind, with dedicated focus to managing it securely. As a manager, I would want the functionality of the solution to be the most effective when it comes to analyzing data. However, as a user, most people favor ease of use and convenience at the detriment of other more important factors.
Both users and security staff need to be cognizant of the fact that they’re operating in the same space and must work together to strike the same balance. It’s a shared responsibility but, importantly, companies need to decide how much risk they are willing to accept.
Anand Ramanathan, VP of Product Management, McAfee
The permanent impact of COVID-19 has heightened attacker focus on work-from-home exploits while increasing the need for remote access. Security professionals have less visibility and control over WFH environments where employees are accessing corporate applications and data, so any evaluation of mobile security should be based on several fundamental criteria:
- “In the wild security”: You don’t know if or how mobile devices are connecting to a network at any given time, so it’s important that the protection is on-device and not dependent on a connection to determine threats, vulnerabilities or attacks.
- Comprehensive security: Malicious applications are a single vector of attack. Mobile security should also protect against phishing, network-based attacks and device vulnerabilities. Security should protect the device against known and unknown threats.
- Integrated privacy protection: Given the nature of remote access from home environments, you should have the ability to protect privacy without sending any data off the device.
- Low operational overhead: Security professionals have enough to do in response to new demands of supporting business in a COVID world. They shouldn’t be obligated to manage mobile devices differently than other types of endpoint devices and they shouldn’t need a separate management console to do so.
COVID-19-themed scams are exploding both online and offline. Hijacked Twitter accounts peddling fake cures, scammy sites offering emergency supplies, misinformation campaigns, phishing emails and – can you believe it? – even a computer antivirus solution that protects against COVID-19! What will online scammers think of next?
Corona Antivirus, compromised routers and fake apps
Malwarebytes researchers have spotted a website advertising “Corona Antivirus -World’s best protection” – a digital antivirus that supposedly protects against the actual COVID-19.
The software offered for download (update.exe) is malware that turns the victim’s computer into a DDoS-capable bot. It can also take screenshots, steal saved passwords, log keystrokes, steal Bitcoin wallets and execute scripts.
Bitdefender warns about attackers hijacking Linksys routers through brute-forcing and altering their DNS server settings so that they point users towards malicious Coronavirus-themed webpages. The pages in question are prompting victims to install the “COVID-19 Inform App”.
What they will download and install is relatively new information-stealing malware called Oski, which can extract and steal credentials saved in browsers and cryptocurrency wallet passwords.
Charity and supply scams
Cybercriminals are trying to impersonate charities and the WHO to get users’ money, but Sophos researchers have also spotted scammy emails trying to sell “insider information” from a “military source” on how to survive COVID-19.
They are also warning about hijacked Twitter accounts advertising “a dodgy looking face mask/toilet paper/digital forehead thermometer online store.”
Europol has recently busted a global counterfeit medicine operation selling bogus “Corona sprays”, counterfeit surgical masks and testing kits, and unauthorised antiviral medications online.
Phishing emails offering checks
The FBI is urging users to be on the lookout for phishing emails asking them to verify their personal information in order to receive an economic stimulus check from the government.
“While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money,” the Bureau noted.
Abnormal Security researchers have spotted a similar scheme in the form of fake emails from a major financial institution.
“This attack leverages the economic uncertainty around COVID-19. As the economy has come to a standstill, the attackers realize that many will be seeking relief from their credit card bills, especially if they are one of the many workers whose hours have been reduced or who have been laid off,” the researchers noted.
“The attacker created a very convincing email and landing page that appeared to come from a major financial institution. The email they created indicated that this financial institution was offering financial relief to their current credit card customers if those customers completed a form.”
Those who fall for the scheme will have their name, address, phone number, credit card number, expiration date, and the CVV code stolen.
Tips on avoiding online and offline COVID-19 scams
Users are urged to be very skeptical of any offers they get and to check their legitimacy – whether these are products, treatments, checks, or investment opportunities.
“Ignore offers for a COVID-19 vaccine, cure, or treatment. Remember, if there is a medical breakthrough, you won’t hear about it for the first time through an email, online ad, or unsolicited sales pitch,” the US DOJ notes.
Also: “Be cautious of ‘investment opportunities’ tied to COVID-19, especially those based on claims that a small company’s products or services can help stop the virus. If you decide to invest, carefully research the investment beforehand.”
Needless to say, all scams and fraud attempts should be reported to the authorities.