The European Union (EU) General Data Protection Regulation (GDPR) is set to come into force on 25 May 2018. However, many IT, security and compliance leaders in the EU and globally still have a long way to go before they can truly describe themselves as "GDPR-ready." Artificial intelligence (AI) can make valuable contributions toward GDPR preparations and operational compliance.
We are seeing another outbreak of ransomware that appears to be a combination of previous other ransomware campaigns. As is always the case, criminal gangs learn from each other.
Petya was successful in 2016 using email attack campaigns and a ransomware-as-a-service business model. Wannacry introduced new worm propagation techniques proving highly successful in hitting thousands of systems in a short time span last month.
Cisco recently announced the term “intent-based networking” in a press release that pushes the idea that networks need to be more intuitive. One element of that intuition is for networks to be more secure without requiring a lot of heavy lifting by local network security professionals. And a featured part of that strategy is Cisco ETA:
"Cisco's Encrypted Traffic Analytics solves a network security challenge previously thought to be unsolvable," said David Goeckeler, senior vice president and general manager of networking and security. "ETA uses Cisco's Talos cyber intelligence to detect known attack signatures even in encrypted traffic, helping to ensure security while maintaining privacy."
Earlier this month Vectra announced plans to leverage the capabilities of VMware NSX to accelerate the detection and mitigation of hidden cyber attackers in virtualized data centers.
Vectra currently applies artificial intelligence to automatically detect attacker behaviors inside virtualized data centers. Vectra also integrates with endpoint and network response tools to automate the workflow.
Vectra Networks last week published the 2017 Post-Intrusion Report, which covers the period from January through March. While there are plenty of threat research reports out there, this one offers unique insights about real-world cyber attacks against actual enterprise networks.
Most industry security reports focus on statistics of known threats (exploits and malware families) or give a post-mortem look back at breaches that were successful. The first one looks at threats that network perimeter defenses were able to block and the second lists attacks that were missed entirely.
Vectra Threat Labs analyzed the WannaCry ransomware to understand its inner workings. They learned that while the way it infects computers is new, the behaviors it performs are business as usual.
WannaCry and its variants behave similarly to other forms of ransomware that Vectra has detected and enabled customers to stop before experiencing widespread damage. This is a direct benefit of focusing on detecting ransomware behaviors rather than specific exploits or malware. Many of WannaCry’s behaviors are reconnaissance and lateral movement on the internal network, within the enterprise perimeter.
What just happened?
A ransomware attack is spreading very rapidly among unpatched Windows systems worldwide. This morning, the attack was initially believed to target the UK National Health Service, but throughout the day, it has become apparent this is a global attack.
Kaspersky labs reported on Friday afternoon that at least 45,000 hosts in 74 countries were infected. Avast put the tally at 57,000 infections in 99 countries. All this, during just 10 hours. Of those infected hosts, Russia, Ukraine and Taiwan were the top targets.
There is some startling data in the 2017 Verizon Data Breach Investigation Report. What stood out to me as most concerning is that more breaches occurred in healthcare this year than last year. After reviewing the report, I see three key trends.
- The real threat is already inside healthcare networks in the form of privileged access misuse
- When healthcare organizations are hit from the outside, it is usually ransomware extorting them for money
- The growth in healthcare IoT is overwhelming and dangerous
Whether the task is driving a nail, fastening a screw, or detecting a hidden HTTP tunnel, it pays to have the right tool for the job. The wrong tool can increase the time to accomplish a task, waste valuable resources, or worse. Leveraging the power of machine learning is no different.
Vectra has adopted the philosophy of implementing the most optimal machine learning tool for each attacker behavior detection algorithm. Each method has its own strengths.
Confusion reigns on the origin of the term "bullseye." Some say it started when English archers showed off their accuracy by shooting arrows through the empty eye socket of a bull skull. Others contend it was a reference to a blemish in the center of a glass window pane.