Nov 7, 2024 | A malicious Python package called “Fabrice” was typosquatting the popular Fabric SSH automation library, exfiltrating AWS credentials from unsuspecting developers. With over 37,000 downloads on PyPI since 2021, the package used encoded payloads and a VPN-based proxy server to covertly steal data.
Nov 6, 2024 | As OT and IT systems converge, organizations face new cybersecurity risks. The Colonial Pipeline attack underscored the high stakes: an OT breach can halt operations, resulting in severe financial losses. To counter such threats, IT leaders must embrace proactive cybersecurity strategies.
Effective OT security measures include isolating OT from IT networks, implementing 24/7 monitoring, conducting regular audits, and training staff on cybersecurity best practices. With the right approach, companies can turn cybersecurity challenges into opportunities for resilience and innovation.
Nov 4, 2024 | SentinelOne is advancing its goal of an autonomous SOC with AI-driven updates to the Singularity platform. New features boost threat detection, streamline workflows, and enhance data integration to improve security operations.
Nov 4, 2024 | As TPRM grows, MSSPs offer essential support by closing visibility and expertise gaps. A recent BlueVoyant report shows progress: only 81% of organizations reported supply chain security incidents this year, down from 94%. MSSPs bring continuous oversight, bolstering TPRM programs by helping manage third-party relationships in increasingly complex supply chains.
BlueVoyant’s report highlights increased TPRM budgets and a shift to active risk reduction. MSSPs can support this evolution with their threat intelligence, continuous monitoring, and sector-specific expertise, enabling organizations to handle complex, evolving supply chain threats effectively.
October 31, 2024 | This Halloween, beware the latest cyber threats: deepfake scams, AI-driven phishing, and a surge in zero-day exploits. These frightening trends pose serious risks to users and businesses alike.
Oct 31, 2024 | The NICE cybersecurity hiring framework is a solid foundation for building a security team but needs updates for modern challenges. Experts suggest enhancing knowledge areas, expanding skill sets, and introducing new roles to improve software supply chain security (SSCS).
Oct 31, 2024 | This Halloween, cybersecurity reports reveal chilling insights: 17.8M phishing emails bypassed protections, 46% of breaches involved non-human identities, and deepfake fraud surged 3,000%. AI risks and API vulnerabilities doubled.
Oct 31, 2024 | The 2024 cybersecurity landscape revealed alarming trends. AI-driven threats surged, ransomware incidents repeated, and DDoS attacks spiked by 265%. Credential misuse led to 91% of breaches, while 95% of organizations reported API security issues.
Oct 30, 2024 | A Nationwide survey finds that despite rising AI-driven cyber threats, many businesses lack comprehensive cyber insurance. While 82% of risk managers fear future attacks due to GenAI, only 68% have insurance, and 36% face challenges renewing coverage. Chad Graham from Critical Start highlights the value of insurance in mitigating financial losses and supporting business recovery after cyber incidents. The survey also notes that 76% of affected businesses took over a month to recover, emphasizing the need for better protection.
Oct 30, 2024 | The FakeCall Android trojan has adopted advanced evasion and surveillance techniques, heightening risks for users and organizations. With the ability to intercept calls, mimic legitimate interfaces, and control device UIs, FakeCall tricks users into divulging sensitive financial details. Enhanced code obfuscation and remote control functions make detection difficult, posing significant threats to banks, enterprises, and individuals without robust mobile security.
Oct 29, 2024 | Over six years since the Spectre flaw was first revealed, Intel and AMD processors remain susceptible to speculative execution attacks. ETH Zurich researchers found these attacks exploit the Indirect Branch Predictor Barrier (IBPB) on x86 chips. While speculative execution boosts CPU performance, attackers can manipulate it to access unauthorized data, like encryption keys.
Intel issued a microcode patch (CVE-2023-38575), while AMD continues tracking its issue as CVE-2022-23824. John Gallagher from Viakoo Labs notes that speculative execution, present in all modern CPUs, enhances speed but comes with risks that are tough to patch.
Oct 24, 2024 | SentinelOne is advancing its goal of an autonomous SOC with AI-driven updates to the Singularity platform. New features boost threat detection, streamline workflows, and enhance data integration to improve security operations.
Oct 23, 2024 | Trellix’s survey reveals that 91% of CISOs foresee increased turnover due to expanding responsibilities, with nearly half (49%) considering leaving the role unless significant changes occur. Experts suggest dividing the role into technical (CISO) and business (BISO) positions to reduce strain.
Oct 23, 2024 | Just months after Europol’s takedown of botnets in Operation Endgame, the Bumblebee malware downloader has resurfaced, posing renewed threats to corporate networks with stealthier, harder-to-detect tactics.
Oct 23, 2024 | In 2023, 70% of exploited vulnerabilities were zero-days, with the average Time-to-Exploit dropping to just five days. Experts urge companies to boost defenses, as Mandiant’s findings reveal a need for rapid response teams and enhanced threat detection.
Oct 22, 2024 | The Bumblebee malware, used to deploy Cobalt Strike and ransomware, has reappeared in an infection chain since Europol’s May 2024 Operation Endgame takedown. Netskope researchers identified a new infection method via phishing emails, signaling Bumblebee’s potential resurgence
Oct 17, 2024 | As Industry 4.0 connects manufacturing to the digital world, the sector faces a rising threat landscape. Cybercriminals are adapting tactics, targeting manufacturing systems, and exploiting legacy security gaps. Key challenges include evolving ransomware, IP theft, and regulatory pressures driving cybersecurity awareness.
October 11, 2024 | Fidelity Investments reported a data breach that exposed the personal information of 77,009 customers between August 17 and 19. While no funds were compromised, attackers accessed customer data using two newly created accounts. Experts warn the breach could lead to future attacks, heightening risks of identity theft and fraud. Fidelity assured that no ransomware was involved and offers free credit monitoring to those affected.
October 11, 2024 | Fidelity Investments reported a data breach impacting 77,000 customers. The breach, detected on August 19, involved unauthorized access to personal information but no financial accounts. Fidelity offers 24 months of free credit monitoring to affected customers. They recommend reviewing account statements, placing fraud alerts, and changing passwords for added security.
October. 10, 2024 | Fidelity Investments confirmed a data breach affecting 77,099 customers in August. Attackers accessed personal information from two accounts, but no financial data was compromised. The company is offering 24 months of free credit monitoring to those impacted.
October 10, 2024 | Fidelity Investments disclosed a data breach that affected 77,099 customers. The breach occurred on August 17 and was discovered on August 19, with unauthorized access to customer information through two newly established accounts. While no financial accounts were impacted, personal information was compromised. Fidelity is offering 24 months of free credit monitoring via TransUnion.
Experts speculate that a security vulnerability may have allowed the attackers to access customer data. Fidelity has since launched an investigation to prevent future incidents.
October 10, 2024 | Fidelity Investments has notified over 77,000 customers that their personal information was compromised in a data breach between August 17 and 19. The breach, the second this year for Fidelity, occurred when an unauthorized third party accessed two customer accounts. While no funds were affected, experts warn of potential risks for identity theft and fraud. Fidelity is offering 24 months of free credit monitoring to impacted customers.
October 9, 2024 | Major tech companies like TD Synnex, ConnectWise, Critical Start, ThoughtSpot, Microsoft, CrowdStrike, and Capgemini made significant executive changes this month. Notably, Scott White was appointed CEO of Critical Start after serving as COO and revenue officer at DoiT International for four years. With over 16 years at Rackspace, where he held the role of VP of Sales before departing in 2018, White brings extensive experience to his new position.
October 9, 2024 | Apple has released macOS Sequoia 15.0.1, addressing compatibility problems with Microsoft, SentinelOne, and CrowdStrike tools. These issues posed security risks by impairing software functionality. Experts urge users to implement the update immediately.
October 8, 2024 | Apple’s macOS 15.0.1 patch addresses compatibility problems affecting CrowdStrike, SentinelOne, and Microsoft security software. The previous release caused crashes and reduced functionality, posing security risks. Experts urge teams to update immediately to ensure robust protection and compatibility with security tools.
October 4, 2024 | Critical Start has appointed Stuti Bhargava as its new Chief Customer Officer (CCO). With over 20 years of experience in customer success within the tech sector, Bhargava will focus on strengthening client relationships and delivering tailored solutions.
Previously, she served as Chief Customer Experience Officer at OneSpan, where she developed comprehensive customer journey strategies. Bhargava has also led customer success teams at BitSight, ImmersiveLabs, and Actifio, enhancing growth in early-stage cybersecurity startups.
October 7, 2024 | Critical Start has appointed Stuti Bhargava as Chief Customer Officer. With over 20 years of tech industry experience, she will enhance client relationships and drive customer success initiatives.
Bhargava previously served as Chief Customer Experience Officer at OneSpan and has led customer success teams at various cybersecurity firms. “I’m excited to help Critical Start advance its mission of fostering cyber resilience,” she stated.
October 4, 2024 | Davenforth, a family office based in Austin, has acquired Frisco-based TeleCloud and Pennsylvania’s Third Generation. This move launches a new managed IT, voice, and networking platform, servicing 21,500 users across 900 businesses.
While terms of the acquisitions were not disclosed, both companies will maintain independent operations with their existing leadership teams. “This partnership allows us to enhance our offerings and empower our team members,” said TeleCloud founder Rusty Bridges.
Davenforth aims to build a robust platform delivering exceptional cloud communication and managed services, ensuring high customer retention and satisfaction.
September 4, 2024 | Mary Barra, CEO of General Motors, is steering the company through a second major transformation: the shift from internal combustion engines to electric vehicles (EVs). Despite slowing demand for EVs, Barra remains committed to GM’s goal of going gas-free by 2035. Having led the automaker through past crises, Barra’s leadership style reflects a long-term vision, balancing customer demand with bold innovation.
October 3, 2024 | Microsoft, SentinelOne, and CrowdStrike lead Gartner’s 2024 Magic Quadrant for endpoint protection platforms (EPP). These platforms play a crucial role in safeguarding some of the most vulnerable areas in corporate networks.
EPPs protect against malware, insider threats, and breaches across various devices like PCs, servers, and mobile phones. As attacks on endpoints rise, companies increasingly adopt unified protection platforms, with EPPs becoming key for MSSPs.
October 3, 2024 | Data shows little impact on stock prices following cyber incident disclosures required by the SEC’s new rules. In some cases, share prices even rose.
October 3, 2024 | Manufacturing Day kicks off today, launching a month-long series of events across the U.S. where over 1,600 manufacturers and schools host expos, tours, and presentations aimed at inspiring the next generation of workers. Workforce challenges remain a top concern as the sector faces a need for 3.8 million new employees by 2033, with nearly half of these roles potentially going unfilled.
This year’s focus highlights Industry 4.0 and rising cyber threats. “Manufacturing still has a long way to go in securing its cyber defenses,” says Craig Jones, VP of Security Operations at Ontinue, noting the sharp increase in cyberattacks on the sector in 2024.
Through partnerships with schools, STEM career promotion, and robust training programs, Manufacturing Day provides an opportunity for the industry to not only close the labor gap but develop expertise crucial for securing its future.
October 3, 2024 | Critical Start, a provider of MDR cybersecurity solutions, has appointed Stuti Bhargava as Chief Customer Officer (CCO). Bhargava, with over 20 years of experience in customer success within the tech industry, will lead efforts to enhance client relationships and service standards.
CEO Scott White highlighted Bhargava’s expertise, stating her experience will elevate customer relationships and align Critical Start’s offerings with evolving strategies.
Bhargava, previously with OneSpan, expressed her excitement about joining Critical Start, citing the importance of cybersecurity and customer success during a pivotal time for the industry.
October 2, 2024 | Happy Manufacturing Day 2024! This annual celebration aims to inspire interest in manufacturing careers and unite organizations in tackling industry challenges. Leaders emphasize the importance of technology and innovation to overcome workforce shortages and enhance efficiency. As cyber threats rise, the need for robust cybersecurity measures in manufacturing becomes critical.
October 2, 2024 | U.S.-based chief information security officers (CISOs) now earn an average of $565K annually, with top earners surpassing $1 million. The top 1% command starting salaries of $3 million, according to a report by IANS Research and Artico Search.
Despite slower hiring, the CISO role is expanding, with responsibilities and security budgets growing. While turnover has decreased, job changes still lead to the highest pay increases.
October 2, 2024 | North Korean hacking group Stonefly has shifted from espionage to financially motivated attacks, with security experts predicting future ransomware extortion incidents. Symantec’s Threat Hunter Team revealed that Stonefly targeted three U.S. organizations in August. Though ransomware wasn’t deployed, researchers believe these attacks were financially driven.
Stonefly, linked to North Korean military intelligence, has been active since 2009, and this move follows a broader trend of state-sponsored groups engaging in ransomware for revenue generation.
September 27, 2024 | The China-linked group Salt Typhoon has targeted several U.S. internet service providers (ISPs) for espionage, according to Microsoft. This advanced persistent threat (APT) aims to infiltrate critical infrastructure and gather intelligence for future attacks. Experts warn that compromised ISPs could disrupt vital services and expose sensitive data.
September 25, 2024 | Arkansas City, Kansas, experienced a cybersecurity incident affecting its water treatment facility on September 22. The incident led to a temporary switch to manual operations, but no disruption in water services for the city’s 12,000 residents occurred.
City Manager Randy Frazer assured residents that “the water supply remains completely safe” as cybersecurity experts work to restore automated systems. The city’s swift response involved collaboration with cybersecurity professionals to maintain water safety and investigate the breach.
Cyber threats to water treatment facilities are increasing, highlighting the need for robust cybersecurity measures. Experts note that these facilities are prime targets for cybercriminals, underscoring the importance of vigilance and preparedness against potential ransomware attacks.
September 24, 2024 | The FBI and Department of Homeland Security are investigating a cyberattack on Arkansas City’s water treatment facility. City Manager Randy Frazer confirmed that the attack, which took place on September 22, involved a ransom request but did not compromise sensitive information. The facility has switched to manual operations to ensure safe drinking water during the investigation.
September 23, 2024 | Cyber ranges are vital for cybersecurity professionals to stay updated on threats and sharpen their skills. These simulated environments, used by governments and organizations, provide hands-on training for real-world scenarios. Recent initiatives like Ukraine’s Cyber Range UA and the U.S. Navy’s National Cyber Range exemplify the growing focus on effective cyber defense training.
September 20, 2024 | N-able’s new report reveals a 56% rise in cyberattacks on Microsoft 365 in 2024. Surveyed MSPs reported a significant increase in disaster recovery events and a 46% uptick in offering backup services. Chris Groot from N-able emphasizes the need for ransomware-resilient architectures to combat these threats.
September 20, 2024 | Critical Start has appointed Scott White as its new CEO, succeeding founder Rob Davis, who will now serve as executive chairman. White, an experienced technology executive, aims to enhance innovation and service delivery at the leading managed detection and response (MDR) cybersecurity provider.
“I’m honored to join Critical Start and build upon the strong legacy established by Rob Davis,” White stated. His previous role as COO and CRO at DoiT International contributed to a significant growth in bookings, showcasing his capability to lead successful teams. Davis expressed confidence in White’s vision for the company, which has seen record growth this year.
September 20, 2024 | The hacking group TeamTNT has launched a new attack campaign targeting VPS servers running CentOS. Known for cryptojacking and active since 2019, TeamTNT is exploiting SSH vulnerabilities to infiltrate systems.
Researchers from Group-IB report that the attackers use brute-force SSH attacks to install a malicious script that disables security features, modifies system files, and removes cryptocurrency mining processes. The script also deploys the Diamorphine rootkit to enable covert control and persistence on compromised hosts.
Security experts warn that TeamTNT’s focus on CentOS, especially outdated versions like CentOS 7, highlights the importance of securing cloud infrastructures and applying the latest patches.
A series of macOS vulnerabilities in the Calendar app exposed iCloud data by bypassing security features like Gatekeeper and TCC. Researcher Mikko Kenttälä discovered the flaws, which allowed remote code execution (RCE) without user interaction. The exploit chain, rated as high as 9.8 on the CVSS scale, enabled attackers to access sensitive data, including iCloud Photos. Apple has since patched the vulnerabilities.
September 18, 2024 | A zero-click vulnerability chain in macOS allowed attackers to bypass security features like Gatekeeper and TCC, exposing sensitive iCloud data, including photos. Researcher Mikko Kenttälä discovered the flaw by exploiting a file sanitization issue in Calendar invites, which enabled remote code execution (RCE) without user interaction.
Apple has since patched the vulnerabilities, but this incident highlights ongoing risks to macOS security.
September 18, 2024 | A recent Cyber Risk Peer Benchmarking Report from Critical Start reveals a disconnect between strategy and execution in cyber risk management. While 91% of organizations recognize the importance of a strong cyber risk strategy, many struggle with execution, especially as they grow larger. Key challenges include poor asset visibility, delayed vulnerability remediation, and ineffective risk measurement.
Cybersecurity workforce shortages further magnify the issue, but with data-driven decisions and benchmarking insights, organizations can bridge the gap and enhance cyber resilience.
September 18, 2024 | Ransomware groups like LockBit, Play, and BlackBasta are behind 40.54% of attacks in 2024. Defenders need to adapt to evolving tactics. Key strategies include securing Windows and Linux systems, enhancing endpoint detection, patching vulnerabilities, and strengthening supply chains. As these groups grow more organized, security teams must focus on rapid response and proactive defense to stay ahead.
September 17, 2024 | Critical Start, a leader in Managed Detection and Response (MDR) cybersecurity solutions, has appointed Scott White as the new Chief Executive Officer. White, an experienced technology executive, joins from DoiT International, where he led substantial growth. Rob Davis, Critical Start’s Founder, will serve as Executive Chairman and continue supporting the company’s mission to prevent breaches and business disruption.
White expressed excitement about building on the company’s strong foundation, while Davis expressed confidence in White’s leadership to drive continued success.
September 17, 2024 | National Insider Threat Awareness Month highlights the need to address insider risks—whether accidental or malicious. Cybersecurity experts share strategies for mitigating threats from within, focusing on Zero Trust, data protection, and continuous monitoring.
September 17, 2024 | GitLab has released security updates for 17 vulnerabilities, including a critical flaw (CVE-2024-6678) with a CVSS score of 9.9/10. This bug allows attackers to run pipeline jobs as any user, risking unauthorized code deployment and data tampering. Security experts warn of potential privilege escalation and software supply chain compromise if left unpatched. Immediate patching, along with stricter access controls and continuous monitoring, is crucial to mitigate these risks.
September 16, 2024 | Asset visibility is key to improving Managed Detection and Response (MDR) outcomes. Incomplete asset inventories leave organizations vulnerable to cyber threats. Experts highlight the need for continuous asset monitoring, unified inventory systems, and prioritizing remediation efforts based on asset criticality for effective endpoint security.
September 13, 2024 | GitLab has patched a critical vulnerability (CVE-2024-6678) with a CVSS score of 9.9, which could allow attackers to trigger a CI/CD pipeline as an arbitrary user, leading to privilege escalation and software supply chain risks. Experts stress the need for immediate patching and supply chain security measures.
Sept 12, 2024 | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning, urging U.S. federal agencies to patch four high-risk Microsoft vulnerabilities by the end of the month. These include CVE-2024-38226, CVE-2024-43491, CVE-2024-38014, and CVE-2024-38217, which are actively being exploited. Experts emphasize the urgency of addressing these vulnerabilities, especially in critical sectors like healthcare, finance, and government.
September 12, 2024 | Cyberattacks are increasingly threatening industries vital to global economies. In H1 2024, sectors like Manufacturing, Healthcare, and Professional Services saw significant spikes in attacks, with Manufacturing reporting 377 incidents. These cyber threats disrupt operations and pose risks to economic stability.
Sept 11, 2024 | U.S. federal civilian agencies have until the end of September to patch four critical Microsoft vulnerabilities, now being actively exploited. The bugs — CVE-2024-38226, CVE-2024-43491, CVE-2024-38014, and CVE-2024-38217 — impact popular Microsoft tools like Windows Installer and Publisher.
Randy Watkins, CTO at Critical Start, stressed that failing to address these issues could result in severe data breaches and downtime. Experts warn that these flaws are part of multi-stage attack chains, posing a major risk to industries like healthcare, finance, and government.
Sept 11, 2024 | The North Korean hacking group Lazarus has launched a new campaign targeting developers through fake coding tests. Posing as recruiters from prominent firms like Capital One, they lure victims via LinkedIn, tricking them into executing malicious code hidden in altered Python modules.
This campaign represents an evolution in Lazarus’ tactics, moving beyond financial institutions to target developer environments. Experts urge developers to implement Zero Trust principles, rigorous code reviews, and use sandbox environments to defend against this growing threat.
September 9, 2024 | U.S. water systems are facing rising cyber threats from China, Russia, and Iran. While no major impacts have occurred yet, experts warn that outdated operational technology (OT) leaves water infrastructure highly vulnerable. Despite these risks, attempts to implement cybersecurity standards have faced legal challenges, leaving this critical sector exposed.
Sept 05, 2024 | A vulnerability known as “Eucleak” puts YubiKey 5 devices with firmware below 5.7 at risk of cloning attacks. The flaw, discovered by NinjaLabs, allows attackers to steal ECDSA private keys, account data, and PINs through side-channel exploitation of the Infineon cryptographic library. Experts urge immediate firmware updates and stronger security practices to mitigate the risk.
Sept 05, 2024 | Planned Parenthood has confirmed a cyberattack on its Montana organization, forcing parts of its IT infrastructure offline. The RansomHub ransomware gang, which claimed responsibility, threatened to leak 93 GB of stolen data if demands are unmet within six days.
Attempts to reach Planned Parenthood’s headquarters were unsuccessful. The size of the ransom is unknown, and it remains unclear if Planned Parenthood plans to negotiate.
This attack comes amid heightened attention on abortion rights, particularly in light of Montana’s upcoming statewide vote on adding abortion rights to its constitution.
Sept 05, 2024 | A recently discovered flaw, “Eucleak,” exposes YubiKey 5 devices with firmware below 5.7 to cloning attacks. The vulnerability allows attackers to steal private keys and sensitive data. Experts recommend updating firmware and improving physical security.
Sept 05, 2024 | The BlackByte ransomware group has been exploiting a new VMware ESXi vulnerability (CVE-2024-37085) for authentication bypass attacks. This shift highlights their ability to adapt quickly to emerging threats, targeting enterprise infrastructures with high-impact ransomware campaigns. Experts stress the need for timely patches, multi-factor authentication, and stronger access controls to mitigate risks.
Sept 04, 2024 | The Exploit Prediction Scoring System (EPSS) helps organizations prioritize vulnerabilities by predicting their likelihood of exploitation. A study shows that EPSS, used with other inputs like CVSS scores, improves vulnerability remediation. With EPSS, companies can better address vulnerabilities based on actual threat activity, reducing wasted efforts and focusing on the most critical risks.
Sept 02, 2024 | In the first half of 2024, cybercrime surged across industries, with ransomware and database leaks hitting Manufacturing and Industrial Products the hardest. Healthcare saw a 180% spike in attacks, while Professional Services reported a 15% increase. In contrast, technology firms saw a slight decrease in incidents. Business Email Compromise (BEC), deepfakes, and attacks exploiting open-source repositories also grew, signaling the need for stronger cybersecurity defenses.
August 30, 2024 | Critical Start’s Cyber Research Unit analyzed over 3,400 high-risk alerts and 4,600 reports across 24 industries. Key findings:
Emerging threats include a 3,000% rise in deepfake fraud and increasing abuse of open-source repositories.
August 29, 2024 | Cisco researchers discovered that the BlackByte ransomware group is hiding most of its attacks. Despite being highly active in 2024, BlackByte has only disclosed a fraction of its successful breaches. The group is quickly adapting, exploiting new vulnerabilities like VMware ESXi (CVE-2024-37085).
August 29, 2024 | The BlackByte ransomware group, believed to have branched off from Conti, is exploiting a newly discovered VMware ESXi authentication bypass flaw (CVE-2024-37085), as reported by Cisco Talos Incident Response. This marks a significant shift in their tactics, moving from traditional methods to leveraging this fresh vulnerability.
According to experts from BlueVoyant and Critical Start, this adaptation could make BlackByte’s attacks more effective and difficult to anticipate. The flaw, recently added to CISA’s Known Exploited Vulnerabilities catalog, is now a key focus for cybersecurity defenders as it resembles tactics used in advanced persistent threat operations.
August 29, 2024 | The BlackByte ransomware group, believed to have splintered from Conti, is exploiting a newly disclosed VMware ESXi authentication bypass flaw (CVE-2024-37085). According to Cisco Talos Incident Response, this marks a significant shift in BlackByte’s tactics, moving away from their usual methods like credential theft and web shells.
Experts, including BlueVoyant’s Austin Berglas and Critical Start’s Callie Guenther, note that this pivot to exploiting fresh vulnerabilities could make BlackByte’s attacks more unpredictable and challenging to defend against. The flaw was recently added to CISA’s Known Exploited Vulnerabilities catalog, signaling its serious potential for widespread abuse.
August 29, 2024 | BlackByte, likely a Conti spin-off, is now exploiting a newly disclosed VMware ESXi vulnerability (CVE-2024-37085). This allows attackers to gain full control over virtual machines, marking a shift from BlackByte’s traditional methods. Cisco Talos Incident Response reports that BlackByte’s rapid integration of this vulnerability shows their evolving tactics.
Experts like Callie Guenther at Critical Start stress the critical nature of this threat, particularly as ESXi hypervisors are integral to many enterprises. BlackByte’s new techniques include using outdated drivers to bypass security tools, making detection difficult.
Defenders must quickly patch systems, monitor access, and implement multi-factor authentication to counteract these sophisticated attacks.
August 28, 2024 | The first half of 2024 recorded over 3,438 high-risk cyber alerts, with a 46.15% rise in U.S. attacks. Critical sectors like manufacturing and healthcare remain primary targets, with ransomware incidents increasing significantly. Experts warn that trends like double extortion tactics and deepfake fraud are on the rise, emphasizing the need for robust security measures.
August 28, 2024 | The BlackByte ransomware group is exploiting a new authentication bypass vulnerability in VMware ESXi, signaling a shift from their traditional tactics. Researchers at Cisco Talos reported that BlackByte, believed to be an offshoot of the Conti gang, typically uses vulnerable drivers and legitimate tools to bypass security.
The newly exploited bug, CVE-2024-37085, was recently added to CISA’s Known Exploited Vulnerabilities catalog. This marks a departure from BlackByte’s usual methods, which included phishing and credential stuffing.
Austin Berglas of BlueVoyant noted that the exploitation of this vulnerability requires more persistence, indicating a deeper attack strategy that seeks to gain administrative access rather than just initial entry.
Callie Guenther of Critical Start emphasized the importance of targeting VMware ESXi, as it underpins many enterprise applications. “This shift shows their willingness to adopt cutting-edge methods, increasing the pressure on victims to pay the ransom,” she said.
August 28, 2024 | The BlackByte ransomware gang is revealing only a small portion of its successful attacks, according to Cisco Talos researchers. They estimate that the group posts extortion notices for just 20% to 30% of its breaches.
In 2023, BlackByte listed 41 victims but has disclosed only three so far in 2024, raising questions about its lack of transparency despite increased activity.
BlackByte has been linked to high-profile attacks on local governments and organizations like the San Francisco 49ers. Cisco Talos noted that the group is rapidly evolving, often exploiting newly disclosed vulnerabilities, such as CVE-2024-37085 in VMware ESXi software.
Researchers highlight the Ransomware-as-a-Service (RaaS) model’s flexibility, allowing BlackByte to quickly adapt and counter cybersecurity defenses.
August 26, 2024 | Critical Start has released its Cyber Threat Intelligence Report for the first half of 2024, revealing that manufacturing and industrial sectors are the most targeted by cybercriminals. The report highlights alarming trends, including a 3,000% increase in deepfake attacks and a projected 15% annual growth in global cybercrime, expected to reach $10.5 trillion by 2025.
Key findings include:
Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, emphasizes the importance of strong security strategies, including Managed Detection and Response (MDR) solutions, to mitigate these evolving threats.
August 26, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals that manufacturing remains the top target for cybercrime in the first half of 2024, with 377 confirmed ransomware and database leak incidents. The report indicates a 15% annual increase in global cybercrime, projected to reach $10.5 trillion by 2025.
Key findings include a 15% rise in cyberattacks on professional services and a staggering 180% increase in healthcare incidents. Despite a 12.75% decrease in tech-related attacks, the overall threat landscape remains concerning. Experts emphasize the need for robust Managed Detection and Response (MDR) solutions to mitigate risks effectively.
August 26, 2024 | Critical Start’s latest report highlights a 15% annual increase in global cybercrime, expected to reach $10.5 trillion by 2025. In the first half of 2024, over 3,400 high-risk alerts and 4,600 ransomware incidents were reported, with manufacturing and healthcare being the most affected sectors.
Experts urge organizations to enhance their cybersecurity strategies in response to these evolving threats.
August 26, 2024 | Universal Robots (UR) is embracing AI with its new machine tending solution, enhancing batch changeovers by eliminating fixtures. A recent survey of 1,200 manufacturers revealed that over 50% are now integrating AI and machine learning into production processes.
“AI isn’t just hype,” says Ujjwal Kumar, Group President of Teradyne Robotics. UR’s advancements include AI-based perception capabilities running on NVIDIA Jetson, enabling dynamic path planning for efficient, collision-free operation. Additionally, UR has launched enhanced Care Service Plans for preventive maintenance and performance monitoring, showcasing its commitment to service excellence.
August 23, 2024 | A new report from Critical Start reveals alarming trends in ransomware and database leaks, particularly affecting manufacturing, healthcare, and professional services. The Cyber Threat Intelligence Report highlights that manufacturing remains the top target, with 377 confirmed attacks in H1 2024.
Healthcare and life sciences saw a staggering 180% increase in breaches, and professional services experienced a 15% rise in ransomware incidents. Emerging threats such as Business Email Compromise are shifting focus to smaller businesses, while deepfake fraud attempts surged by 3,000%.
Experts stress the need for organizations to bolster their cybersecurity strategies in this rapidly evolving threat landscape.
August 23, 2024 | The Critical Start Cyber Threat Intelligence Report reveals that Manufacturing and Industrial Products faced the highest number of cyberattacks in H1 2024, with 377 ransomware and database leak incidents. The report highlights a 180% surge in healthcare breaches and emerging threats like Business Email Compromise targeting smaller firms and a staggering 3,000% increase in deepfake fraud attempts. Experts emphasize the need for robust cybersecurity strategies to mitigate these risks.
August 23, 2024 | The Critical Start Cyber Intelligence Report reveals that the manufacturing and healthcare sectors are the most targeted industries for cyberattacks in early 2024. The report analyzed over 4,600 ransomware and data leak incidents across 24 industries worldwide.
Manufacturing led the way in threats, while healthcare experienced a staggering 180% increase in data breaches compared to last year. Additionally, business email compromise is shifting focus from large corporations to smaller businesses, and deepfake fraud has surged by 3,000%. “With increasingly sophisticated threats, organizations must prioritize a robust security culture and strategy,” advises Callie Guenther, senior manager of cyberthreat research at Critical Start.
August 23, 2024 | Manufacturing and industrial sectors lead cyberattack targets in H1 2024, with deepfake fraud attempts surging by 3,000%. The report provides actionable insights for businesses to enhance security and mitigate risks.
August 22, 2024 | Critical Start’s Cyber Research Unit reported over 3,438 high and critical cyber alerts in the first half of 2024, with the U.S. seeing a 46.15% rise in attacks compared to 2023. Manufacturing remains the most targeted sector, with 377 confirmed ransomware and data leak incidents.
Key Findings:
Experts warn that breaches will likely rise, particularly in healthcare and critical infrastructure. Emerging threats include a shift toward smaller businesses in business email compromise (BEC) attacks, a 3,000% increase in deepfake fraud attempts, and abuse of open-source repositories.
To combat these threats, organizations are advised to implement zero-trust security models and enhance real-time threat intelligence.
August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals manufacturing as the most targeted industry, with 377 ransomware and data leak incidents in H1 2024.
Key findings include:
Experts urge organizations to adopt robust cybersecurity measures, emphasizing network segmentation and zero-trust architectures to mitigate risks.
August 22, 2024 | A new report from Critical Start reveals a worrying rise in cyberattacks, particularly targeting healthcare and manufacturing in the first half of 2024. The Cyber Intelligence Report highlights that manufacturing topped the list with 377 confirmed ransomware and database leak incidents.
Healthcare and life sciences experienced a staggering 180% increase in breaches, while professional services reported a 15% rise in attacks. Interestingly, the engineering and construction sectors saw a 46% uptick in incidents, though technology companies noted a surprising 13% decrease in attacks.
Emerging threats include a shift in Business Email Compromise (BEC) tactics towards smaller businesses and a dramatic 3,000% rise in deepfake fraud attempts. Experts emphasize the importance of robust security strategies to counteract these evolving threats.
August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals significant threats in the first half of 2024, emphasizing manufacturing as the most targeted sector. The report highlights 377 confirmed ransomware and database leak incidents, alongside a 15% increase in attacks on professional services and a 180% surge in healthcare-related breaches.
Callie Guenther, Senior Manager of Cyber Threat Research, stresses the importance of a robust security strategy, noting the rising sophistication of cyber threats. The report also points to alarming trends, such as the 3,000% increase in deepfake fraud attempts and the targeting of smaller businesses by Business Email Compromise (BEC) scammers.
For ongoing updates on cyber threats, follow the Critical Start Intelligence Hub.
August 22, 2024 | Critical Start’s latest Cyber Threat Intelligence Report reveals manufacturing as the top target for cybercriminals in the first half of 2024. The report shows a rise in ransomware and database leaks, with manufacturing experiencing 377 confirmed incidents. Healthcare saw a 180% surge in attacks, while professional services faced a 15% increase. The report underscores the urgent need for organizations to enhance their cybersecurity measures amid escalating threats.
August 22, 2024 | New cyber threat intelligence reports reveal that manufacturing is the most targeted industry for cyber threats. Critical Start’s Cyber Threat Intelligence Report indicates nearly 400 confirmed ransomware and database leak incidents in the first half of 2024, with attacks exploiting supply chain vulnerabilities.
A recent attack on Crown Equipment disrupted operations, highlighting the industry’s risk. Phishing remains the most common attack method, as seen in the $60 million loss suffered by European chemical maker Orion SA due to a phishing scheme.
IBM X-Force’s 2024 report corroborates these findings, stating manufacturing has been the most targeted sector in Asia Pacific for two consecutive years, accounting for over a quarter of all security incidents. Experts stress the importance of robust cybersecurity measures as a competitive advantage in the manufacturing sector.
August 22, 2024 | Critical Start’s latest report highlights manufacturing as the most targeted sector for cyberattacks in H1 2024. The Cyber Research Unit analyzed thousands of alerts and reports, revealing a 15% annual growth in global cybercrime, projected to reach $10.5 trillion by 2025. Key findings include significant increases in attacks on healthcare and professional services, with experts urging organizations to adopt proactive cybersecurity measures.
August 22, 2024 | Cybercrime is projected to grow 15% annually, reaching $10.5 trillion by 2025. Critical Start’s latest Cyber Threat Intelligence Report reveals key trends from H1 2024, focusing on advanced persistent threats and new attack techniques. MSSPs and MSPs can leverage these insights to strengthen client defenses, especially in targeted sectors like manufacturing, healthcare, and professional services.
August 22, 2024 | A report from Critical Start reveals that manufacturing and industrial products were the top targets for cyberattacks in the first half of 2024, with 377 confirmed ransomware and database leak incidents. The report, based on 3,438 high-risk alerts, also highlights a 180% surge in healthcare attacks and a 3,000% increase in deepfake fraud attempts.
August 22, 2024 | A new report by Critical Start reveals manufacturing is the top target for cyberattacks in 2024, with 377 confirmed incidents. Healthcare saw a 180% spike in ransomware and data leaks, while deepfake fraud attempts surged by 3,000%. The report highlights a shift in business email compromise attacks towards smaller businesses and growing threats from open-source software repositories.
August 21, 2024 | A vulnerability in Microsoft Entra ID (formerly Azure AD) allows attackers to bypass security measures via the pass-through authentication (PTA) agent. This could enable unauthorized access to any synchronized Active Directory user, potentially escalating privileges to that of a Global Administrator.
Experts, including Sarah Jones from Critical Start, highlight the need for organizations to tighten security around PTA agent servers and enforce strong password policies and multi-factor authentication to mitigate these risks. As Tal Mandel Bar from DoControl notes, this vulnerability illustrates how cloud identity services can become prime targets, emphasizing the importance of robust SaaS security measures.
August 20, 2024 | A newly discovered bug in Microsoft Azure Kubernetes Services (AKS) could allow attackers with pod access to escalate privileges and access sensitive credentials. Mandiant’s research indicates that exploiting this vulnerability may lead to data theft and financial loss.
An attacker with command execution rights in a Kubernetes pod could download cluster provisioning configurations, extract TLS bootstrap tokens, and execute a TLS Bootstrap Attack, potentially reading all secrets within the cluster.
Experts highlight the risk of malicious insiders attempting to access unauthorized application secrets. While Microsoft has issued a patch, security teams must audit AKS configurations, rotate Kubernetes secrets, and enforce strict security policies.
August 20, 2024 | A critical vulnerability in Microsoft’s Azure Kubernetes Service (AKS) allows attackers with pod access to obtain sensitive credentials. Mandiant reported that this flaw can enable data theft and malicious actions within affected clusters.
Security experts urge organizations to audit their AKS configurations, enforce strict security policies, and rotate Kubernetes secrets immediately to mitigate risks.
August 16, 2024 | A ransomware attack on India’s payment system has been traced to CVE-2024-23897, a Jenkins vulnerability. The flaw in Jenkins’ Command Line Interface allowed attackers to exploit sensitive data, impacting the National Payments Corporation of India and its tech provider, C-Edge Technologies.
August 16, 2024 | Critical Start has introduced its Vulnerability Management Service (VMS) and Vulnerability Prioritization, designed to help organizations manage and reduce cyber risk exposure. Leveraging a collaboration with Qualys, the managed service offers comprehensive vulnerability assessment, prioritization, and reduction, focusing on high-risk vulnerabilities through expert analysis and contextualized reporting.
August 15, 2024 | A recent outage affecting 8.5 million Microsoft Windows machines stemmed from a flawed CrowdStrike software update, raising concerns about vendor reliance in IT services. The incident, which began on July 19, left users and businesses paralyzed as systems crashed, necessitating a major recovery effort from both companies.
The outage highlights the importance of cyber resilience, as experts stress the need for organizations to diversify their vendor ecosystems to avoid single points of failure. Raju Chekuri, CEO of Netenrich, emphasized that building cyber resilience isn’t just about security—it’s about ensuring systems can recover effectively after a failure.
This incident serves as a wake-up call for tech professionals to prioritize thorough testing and cautious rollout of software updates, balancing automation with human oversight.
August 15, 2024 | Critical Start has launched its Vulnerability Management Service (VMS) and Vulnerability Prioritization, essential components of its Managed Cyber Risk Reduction strategy. These offerings empower organizations to effectively manage, prioritize, and reduce cyber risk from vulnerabilities.
By leveraging Qualys VMDR, Critical Start’s fully managed service offloads the operational burden of vulnerability management, providing comprehensive scanning, monitoring, and reporting. Customers receive expert analysis and actionable insights, enabling them to focus on the vulnerabilities that pose the highest risk to their environment.
August 15, 2024 | MSSP Alert brings you the latest updates from the MSSP, MSP, and cybersecurity sectors. Today, the spotlight is on Critical Start, Qualys, Skyhigh Security, Everfox, and more.
August 14, 2024 | The ransomware group Brain Cipher gained attention after a major attack on Indonesian government services. On June 20, their operation disrupted national systems, leading to significant delays for ferry bookings and passport checks. Under pressure, they abandoned their $8 million ransom demand and released a free decryptor.
Researchers from Group-IB linked Brain Cipher to at least three other groups, indicating a lack of sophistication. Their malware is based on the leaked Lockbit 3.0 builder, and their ransom notes are clear but ineffective, as they failed to leak data from most victims. The use of multiple identities allows them to evade detection and complicate investigations.
August 13, 2024 | Critical Start has launched the Cyber Range, a free feature of its Critical Start Cyber Operations Risk & Response™ (CORR) Platform. This virtual environment simulates real-world cyber threats, allowing organizations to train their cybersecurity teams and evaluate new security products without risking their infrastructure.
Chris Carlson, Chief Product Officer at Critical Start, stated, “Our Cyber Range provides a safe space for companies to engage in realistic scenarios that prepare them for real-world cyber challenges.”
Key features include customizable simulations, product emulation, MITRE ATT&CK® Matrix integration, and flexible training options. The Cyber Range offers significant benefits like enhanced training, risk-free testing, and accelerated onboarding.
“The Cyber Range is a game-changer for cybersecurity training and evaluation,” added Carlson. For more information, visit the Critical Start website.
August 13, 2024 | Cybersecurity leaders are grappling with a surge in attacks in 2024, highlighting the pressing need for proactive measures. A recent report by Critical Start reveals that 86% of professionals cite unknown cyber risks as their top concern, up 22% from last year. Misalignment between cybersecurity investments and risk priorities remains a significant challenge, with 66% of companies lacking visibility into their cyber risk profiles.
Experts, including Chris Morales (Netenrich) and Randy Watkins (Critical Start), stress the importance of Managed Detection and Response (MDR) solutions in enhancing threat detection and response capabilities. As cyber threats evolve, organizations must shift from traditional prevention methods to a resilient approach that includes continuous monitoring and rapid incident response.
August 9, 2024 | Stay updated with the latest in identity management and information security. This week’s highlights include a massive data breach affecting 3 billion people, IBM’s AI-powered threat detection assistant, and new cybersecurity tools from Balbix, Beyond Identity, and more.
August 9, 2024 | Stay competitive with ChannelPro’s roundup of essential updates. This week’s highlights include Microsoft’s new partner benefits, Sophos’ ransomware findings, and Arctic Wolf’s expanded Cyber JumpStart Portal. Discover the latest tech advancements, strategic partnerships, and security innovations shaping the MSP landscape.
August 9, 2024 | The SEC has decided not to recommend enforcement action against Progress Software for the MOVEit Transfer vulnerability that affected 95 million people. The decision follows Progress’s cooperation and timely disclosure of the breach, which was exploited by the Clop ransomware gang in May 2023. The SEC’s decision signals a focus on companies’ proactive measures rather than punitive actions in cases of zero-day exploits.
August 8, 2024 | Big news in the tech and MSP world: EQT has acquired a majority stake in Acronis, while Fortinet has acquired Next DLP to boost its data protection capabilities. Rewst also raised $45M to expand its MSP automation platform.
August 7, 2024 | Critical Start has unveiled its Cyber Range, a virtual environment simulating real-world cyber threats. This free platform, part of the Critical Start Cyber Operations Risk & Response™ (CORR) Platform, allows organizations to safely train their cybersecurity teams, test new security products, and evaluate their cyber readiness without risking their actual infrastructure.
August 7, 2024 | Unknown threat actors and exploits are the top worry for 86% of cybersecurity professionals, according to a Critical Start survey, marking a 17% increase from last year. The rise in concern is driving 99% of organizations to consider outsourcing cyber risk reduction projects.
August 9, 2024 | Fortinet acquires Next DLP to enhance data protection. OPSWAT acquires InQuest, EQT stakes Acronis, and Beyond Identity releases RealityCheck for Zoom. Other highlights include NetRise, Legit Security, and Rapid7’s latest updates.
August 7, 2024 | A recent surge in attacks targeting VMware ESXi servers, exploiting the critical CVE-2024-37085 vulnerability, has highlighted the need for stronger defenses. Ransomware groups like Storm-0506 and Octo Tempest have used this flaw to gain administrative access, encrypting virtual machines and disrupting operations. To protect against these threats, organizations should:
Staying proactive is key to defending against these evolving threats.
August 6, 2024 | Traditional security tools are falling short in today’s complex threat landscape. The 2024 Critical Start Cyber Risk Landscape Peer Report reveals that 83% of cybersecurity pros experienced a data breach in the past two years, despite having standard protections. Here’s how your organization can take action:
August 6, 2024 | Critical Start’s latest Cyber Risk Landscape Peer Report reveals that 86% of cybersecurity professionals now view unknown cyber risks as a top concern—up 17% from last year. The report emphasizes the need for businesses to adopt proactive risk management strategies and highlights ongoing challenges such as limited visibility into risk profiles and misalignment between cybersecurity investments and risk priorities.
August 6, 2024 | A Critical Start survey found that 86% of companies are more concerned about unknown cybersecurity threats than known flaws. The report highlights the growing trend of outsourcing cyber risk management to tackle these unseen risks, with 99% of organizations planning to do so within two years.
August 6, 2024 | A recent report from Critical Start reveals that 86% of cyber professionals now see unknown risks as their top concern, a 17% increase from last year. The report also highlights limited cyber risk insight, misaligned priorities, and a rise in breach incidents.
August 6, 2024 | The latest Cyber Risk Report shows a 16% rise in data breaches. Key actions: align security costs with risks, use a blended outsourcing approach, upgrade outdated tools, and improve asset visibility.
August 06, 2024 | A new report by Darktrace reveals the rising threat of Malware-as-a-Service (MaaS), which has seen significant growth due to its low entry barriers and subscription-based model. MaaS tools enable even novice attackers to launch effective cyberattacks with pre-packaged malware. The report highlights the continued success of older malware strains and the increasing use of “double extortion” tactics, where attackers encrypt and steal data to force higher ransoms. Organizations must adopt multi-layered security strategies and stay current with patches to combat these evolving threats.
[Read the full article]
August 06, 2024 | Researchers have unveiled a new Linux kernel exploit technique called SLUBStick. This method elevates a limited heap vulnerability into an arbitrary memory read/write capability, achieving a 99% success rate in cross-cache attacks. SLUBStick manipulates page tables, granting attackers full memory access. Tested on Linux kernel versions 5.19 and 6.2, the exploit poses a serious threat to systems still using these outdated versions. Experts advise immediate patching and robust security measures to mitigate risks.
August 5, 2024 | A new report from Critical Start reveals that 86% of cybersecurity professionals view unknown risks as a top concern, up 17% from last year. With 66% of businesses lacking visibility into their cyber risk profiles, experts stress the need for proactive risk management alongside traditional detection methods.
August 5, 2024 | Joe Levy, the new CEO of Sophos, aims to support midmarket and smaller businesses in cybersecurity. With a belief that the enterprise sector has received too much focus, Levy emphasizes the need for hybrid solutions combining products and services tailored to these underserved markets.
August 6, 2024 | A new Critical Start report reveals that 86% of cybersecurity professionals now view unknown risks as a top concern—a 17% increase from last year. Despite traditional security measures, 83% experienced a breach. The study also found that 81% of organizations plan to prioritize proactive risk reduction strategies.
August 5, 2024 | Critical Start’s second annual Cyber Risk Landscape Peer Report reveals that 86% of cybersecurity professionals now see unknown cyber risks as their top concern—up 17% from last year. The report highlights the need for proactive risk management, as traditional security measures are proving inadequate. Key findings include:
Randy Watkins, CTO at Critical Start, emphasizes the importance of data-driven insights and proactive strategies, noting that traditional security measures alone are no longer sufficient.
August 5, 2024 | A recent report reveals that 86% of firms are most concerned about unknown cyber-risks. Despite using traditional security measures, 83% experienced breaches, while 66% lack visibility into their cyber-risk profiles. To combat this, 99% plan to adopt managed cyber risk reduction solutions, focusing on proactive strategies like continuous monitoring and threat intelligence integration.
August 2, 2024 | Security leaders agree: finding a mentor is crucial for career growth. Key traits include curiosity, continuous learning, and clear communication.
“Stay curious and ask questions,” says Jordan Avnaim, CISO at Entrust. John Anthony Smith of Conversant Group emphasizes skepticism: “Question all stated truths.”
George Jones, CISO at Critical Start, highlights the need for translating technical issues for executives.
Mentorship builds skills, networks, and opportunities. It benefits both mentors and mentees, fostering mutual growth.
“Good mentorship is bidirectional,” says Avnaim. Networking within your organization or at industry events can help you find a mentor.
“Relationships develop over time,” assures Avnaim. Mentorship enriches careers and strengthens the security industry.
August 1, 2024 | KnowBe4 revealed a North Korean hacker tried to infiltrate its systems using a stolen identity and AI-enhanced image. The hacker secured a job, passed background checks, and attempted to load malware onto a company device. The SOC quickly contained the device, preventing a breach.
Security Leaders React:
Stephen Kowski, SlashNext: “State-sponsored attackers are creating convincing fake identities. We need better vetting, constant monitoring, and collaboration across HR, IT, and security teams.”
Piyush Pandey, Pathlock: “Continuous monitoring and strict access controls are crucial to detect and respond to suspicious activities.”
Callie Guenther, Critical Start: “Companies must scrutinize resumes, verify identities, and monitor for unusual behavior to counter sophisticated threats.”
John Bambenek, Bambenek Consulting: “Ensuring employee and contractor security has always been challenging. Vigilant monitoring and identifying bad actors upfront are essential.”
July 30, 2024 | Security researcher Adnan Khan discovered a flaw in Puppet Forge, dubbed RoguePuppet, allowing anyone with a GitHub account to push official modules. This exposure could have caused significant damage if exploited.
Key Lessons:
Expert Insights:
July 23, 2024 | Hackers have leaked internal documents from Leidos Holdings Inc., an IT services provider to U.S. government agencies, including the Defense Department. The breach occurred through Diligent Corp., a GRC software provider used by Leidos.
Leidos confirmed the connection to the Diligent breach and is investigating with cybersecurity experts and law enforcement. The exposure of sensitive information could compromise national security and government operations, highlighting the need for robust third-party security measures.
Micro-segmentation, stronger authentication, and continuous monitoring are critical strategies to mitigate such risks and prevent future breaches.
29 July 2024 | A new Fortinet report reveals that 90% of organizations experienced breaches due to a lack of cybersecurity skills. Recruiting and retaining skilled professionals remains a major challenge. With 87% of organizations facing breaches in 2023, the need for skilled tech pros is critical.
To bridge the gap, focus on recruiting talent with both technical and soft skills. Upskilling and flexible hiring practices are key to securing data and networks. AI can assist, but skilled professionals are still essential for effective cybersecurity.
July 29, 2024 | Zimperium will launch its first formal partner program later this year, offering incentives for new business, said Chris White, Chief Revenue Officer. This move follows the hiring of David Natker as VP of Global Partners and Alliances. The program will focus on technical enablement, certifications, and incentivizing partners to build mobile security practices.
Zimperium’s partners currently drive 100% of its new business. The new program will continue this strategy, emphasizing net-new customers and account-based marketing efforts.
July 29, 2024 | Salt Labs discovered a critical XSS vulnerability in HotJar, impacting over 1 million websites. Attackers can exploit this flaw to take over user accounts via legitimate-looking links. Major companies like Adobe, Microsoft, and T-Mobile are affected.
July 25, 2024 | A vulnerability in Microsoft’s Windows SmartScreen, CVE-2024-21412, bypassed warning dialogues to deliver malware. Exploited in the wild and patched in February, this flaw allowed attackers to distribute ACR Stealer and Lumia Stealer, targeting apps like Chrome and Telegram.
Experts emphasize the need for layered security defenses and proactive threat intelligence to protect against evolving cyber threats.
July 25, 2024 | Over 3,000 malicious GitHub accounts were found distributing malware like Atlantida Stealer and RedLine, posing severe risks to organizations.
Check Point Research identified the threat group, Stargazer Goblin, using “Ghost” accounts to create the illusion of legitimate repositories. This tactic exploits GitHub’s reputation, leading to data breaches and financial losses.
Organizations must conduct thorough code reviews, use security tools, implement strong access controls, and maintain a security-aware culture among developers to mitigate these threats.
July 24, 2024 | KnowBe4, a cybersecurity firm, was deceived by a North Korean hacker posing as an IT worker. The hacker passed rigorous interviews and background checks, but triggered security alerts upon receiving a company-issued Macbook.
An investigation revealed the hacker used a stolen US identity and AI-enhanced images. The hacker’s tactics included manipulating files and using a Raspberry Pi to load malware. Fortunately, KnowBe4’s security team contained the threat before any data was compromised.
Experts emphasize the need for robust vetting and monitoring to prevent such sophisticated attacks. This incident underscores the importance of enhanced security measures in the hiring process.
July 24, 2024 | KnowBe4 recently stopped a North Korean operative posing as a software engineer. The company detected the threat when the new hire’s Mac workstation began loading malware.
CEO Stu Sjouwerman shared, “We hired the person, sent them a Mac, and it immediately started loading malware.”
Security experts stress the need for rigorous vetting, continuous monitoring, and collaboration across HR, IT, and security teams. This incident highlights the evolving tactics of state-sponsored actors and the importance of strong security measures.
July 23, 2024 | An APT group named Void Banshee is exploiting Internet Explorer vulnerabilities to deploy the Atlantida info-stealer. Using CVE-2024-38112, Void Banshee targets Microsoft Internet Explorer 11, Windows (before 11 23H2 10.0.22631.3880), and Windows Server (before 2022 10.0.20348.2582).
The attacks involve malicious .URL files disguised as book PDFs, distributed via cloud-sharing websites, online libraries, and Discord servers. Predominantly affecting North America, Europe, and Southeast Asia, these attacks highlight the ongoing risk of legacy systems and delayed patch updates.
Security experts emphasize the need for timely security updates and robust patch management to counter such threats.
July 23, 2024 | Women in IT security are as skilled as men but face significant career barriers, according to a study by WiCyS and N2K Networks. Despite their aptitude, women encounter exclusion and limited advancement opportunities.
Experts stress the need for female mentors, inclusive policies, and advanced training to help women succeed in cybersecurity. Addressing unconscious bias and providing role models are crucial for fostering an equitable environment.
July 22, 2024 | The CrowdStrike glitch on July 19 has sparked industry-wide concerns. A faulty Falcon Platform update caused widespread Microsoft outages, affecting 29,000 customers. IT teams are now laboring through a complex recovery process.
David Brumley, a professor at Carnegie Mellon University, criticized CrowdStrike’s insufficient stress-testing and non-incremental rollout. Callie Guenther from Critical Start noted the risks of Friday updates due to weekend understaffing.
Regulatory scrutiny and discussions about the consolidation of software vendors are expected. Adversaries are also exploiting the chaos, warned CrowdStrike CEO George Kurtz and CISA.
July 22, 2024 | SlashNext researchers uncovered the FishXProxy Phishing Kit on the dark web. This kit uses unique link generation, advanced antibot systems, and redirection abilities to evade detection. It’s advertised as “The Ultimate Powerful Phishing Toolkit” and poses significant security challenges.
Callie Guenther from Critical Start highlights the risks: “FishXProxy lowers the barrier for advanced cybercrime, making it harder for traditional security measures to keep up.”
Mika Aalto from Hoxhunt stresses the need for human intelligence: “Equipping people with the right skills and tools is crucial to counter advanced phishing attacks.”
July 19, 2024 | A global IT outage caused by a CrowdStrike update has led to debate over responsibility. The update triggered widespread crashes, impacting sectors from airports to banks.
CrowdStrike insists the issue wasn’t a cyberattack and has deployed a fix, while Microsoft has restored its cloud services. Analysts draw parallels to past incidents, emphasizing the need for thorough testing and robust incident response.
Controversy remains: Was the flaw in CrowdStrike’s update or Microsoft’s system?
July 19, 2024 | The CrowdStrike outage highlights key strategies for managing disruptions. Act swiftly with your incident response plan, communicate clearly, and apply necessary reboots and patches.
Long-term, enhance testing procedures, diversify vendors, and conduct regular training.
Stay alert for follow-on threats like phishing scams and fake updates.
July 19, 2024 | The Microsoft outage, triggered by a CrowdStrike update, disrupted critical systems globally. Airlines, hospitals, banks, and more were impacted. CrowdStrike has issued a fix, but manual recovery is required. Experts warn of ongoing phishing threats and emphasize the need for robust contingency plans and diverse vendor strategies.
July 19, 2024 | A flawed update from CrowdStrike caused widespread outages, highlighting the dangers of relying on a few tech giants. Experts warn that such dependence increases risks when these systems fail.
July 19, 2024 | IT teams worldwide are rushing to fix systems after a faulty CrowdStrike update caused massive outages. The incident highlights the risks of tech consolidation, with officials urging better digital resilience and redundancy.
July 19, 2024 | A defective update to CrowdStrike Falcon Sensor caused mass IT outages globally, disrupting businesses, airlines, healthcare providers, and more. The update led to the “blue screen of death” on Microsoft servers. Though CrowdStrike has reverted the update, many systems remain down.
The bug in the Memory Scanning policy was not caught in testing, causing the Falcon sensor to consume 100% of a CPU core. Workaround steps have been provided. Microsoft is working with CrowdStrike to restore systems.
July 16, 2024 | APT group Void Banshee is exploiting a recently patched zero-day (CVE-2024-38112) to deploy the Atlantida infostealer. The attack uses a disabled Internet Explorer (IE) browser via MHTML to steal passwords and cookies.
Trend Micro reported Void Banshee spreads malicious files disguised as book PDFs on cloud-sharing sites, Discord, and online libraries. Callie Guenther of Critical Start highlights the vulnerability’s risk due to slow patch adoption and legacy systems.
July 15, 2024 | Research shows CISO job satisfaction is tied to their access to company management. Despite high salaries, many CISOs are unhappy, with three in four considering job changes in 2023. They often face blame for cyber incidents and compliance issues, leading to dissatisfaction.
Pathlock CEO Piyush Pandey notes the pressures of regulatory requirements and daily operations without corresponding compensation. George Jones of Critical Start highlights the impacts: decreased effectiveness, retention challenges, cultural issues, and increased vulnerabilities. Breaking these barriers involves giving CISOs a seat at the table and investing proactively in cybersecurity.
July 11, 2024 | A new phishing toolkit, FishXProxy, is lowering the barrier for creating sophisticated email attacks. This kit, integrated with Cloudflare CDN, evades traditional security measures. Experts warn of increased phishing threats and stress the need for advanced, multi-layered defenses.
July 10, 2024 | The Biden administration launched the National Cyber Workforce and Education Strategy (NCWES) to fill 470,000 open cybersecurity positions. This initiative aims to diversify the workforce, shift to skills-based hiring, and increase scholarships for non-traditional students.
Experts emphasize raising awareness about cybersecurity careers and providing quality education. Despite these efforts, the skills gap remains a significant challenge.
July 10, 2024 | Cybersecurity researchers discovered a critical vulnerability in RADIUS, a network authentication protocol from the 1990s still widely used today. The vulnerability, CVE-2024-3596, allows attackers to conduct man-in-the-middle attacks, posing significant risks to enterprise and telecom networks. Immediate patching and transitioning to modern cryptographic standards are essential to mitigate the threat.
[Read the full article]
July 17, 2024 | Research reveals CISO job satisfaction is tied to their access to company management. High salaries don’t prevent job dissatisfaction; many CISOs considered job changes in 2023 due to being scapegoats for cyber incidents and compliance issues.
Key Issues:
Solutions:
July 9, 2024 | Eldorado, a Ransomware-as-a-Service (RaaS), is hitting both Windows and Linux systems. Using Golang for cross-platform attacks, it employs advanced encryption like Chacha20 and RSA-OAEP to encrypt files over SMB. Eldorado spreads via USB drives and recruits affiliates through underground forums. Group-IB reports 16 confirmed cases, affecting various industries in the US and beyond.
July 9, 2024 | Malware analysis is crucial for cybersecurity, helping security teams understand malicious software’s behavior, origin, and impact. Here’s a primer for boards on the value and process of malware analysis.
July 9, 2024 | A new ransomware-as-a-service platform, Eldorado, targets Windows and VMware ESXi environments. Active since March, Eldorado uses Golang for cross-platform capabilities and employs advanced encryption methods. Researchers note its significant impact on virtualized environments and the evolving threat landscape.
July 8, 2024 | Explore Eldorado, a new ransomware-as-a-service (RaaS) group targeting VMware ESX servers. This group has already launched 16 attacks, predominantly in the United States, impacting sectors such as real estate, education, healthcare, and more.
[Read more about Eldorado’s tactics and impact.]
Menlo Security’s report details three sophisticated nation-state campaigns targeting financial institutions, government agencies, legal firms, and healthcare entities: LegalQloud, Eqooqp, and Boomer.
July 5, 2024 | Bugcrowd’s latest report reveals that 1 in 3 security leaders believe many organizations sacrifice customer privacy to reduce costs. Surveying over 200 global security leaders, the report highlights:
July 5, 2024 | Critical Start introduces Quick Start Risk Assessments and expanded framework coverage for Managed Cyber Risk Reduction (MCRR), enhancing their MDR cybersecurity solutions.
July 2, 2024 | Life360 reported a data breach affecting its subsidiary, Tile, exposing client information such as names, phone numbers, addresses, email addresses, and device IDs.
Piyush Pandey, CEO at Pathlock: Pandey stressed the importance of proactive identity security, highlighting the need for visibility into user access throughout their lifecycle. He noted the absence of multi-factor authentication as a critical oversight, emphasizing the need to secure service accounts alongside business applications.
Anne Cutler, Cybersecurity Evangelist at Keeper Security: Cutler underscored the necessity for prioritizing admin account security, advocating for stringent password policies and least privilege access. She recommended continuous monitoring of admin activities and implementing multi-factor authentication across all accounts to enhance security.
Callie Guenther, Senior Manager, Cyber Threat Research at Critical Start: Guenther highlighted the broader implications of the breach, including potential threats like targeted extortion and supply chain vulnerabilities. She emphasized the importance of comprehensive security frameworks, vigilant monitoring, and incident response strategies to mitigate risks.
July 2, 2024 | Menlo Security’s latest report uncovers three new state-backed cyber gangs using Highly Evasive and Adaptive Threat (HEAT) techniques. LegalQloud, Eqooqp, and Boomer target banking, government, and healthcare sectors with advanced phishing and bypass tactics, posing significant cybersecurity threats.
July 1, 2024 | A critical remote code execution flaw (CVE-2024-6387) in OpenSSH on glibc-based Linux systems has been discovered. This vulnerability could allow attackers to gain full system control without user interaction, posing severe risks.
Qualys identified over 14 million potentially vulnerable OpenSSH server instances exposed to the internet. This flaw, a regression of CVE-2006-5051, underscores the need for thorough regression testing.
To mitigate risks, apply patches immediately, restrict SSH access, and deploy intrusion detection systems.
July 1, 2024 | Aqua Security reveals that API tokens, credentials, and passkeys remain exposed in code repositories, even after deletion. This “phantom secrets” issue affects major platforms like GitHub, Bitbucket, and GitLab, posing significant risks.
Aqua found that almost 18% of secrets might be overlooked by standard scanning methods, leaving sensitive information accessible. This problem persists due to how SCM systems save deleted or updated commits.
To mitigate these risks, organizations must implement comprehensive secret management practices and regular audits of their repositories.
July 1, 2024 | Microsoft has discovered “Skeleton Key,” a security flaw in AI models that can bypass ethical safeguards. This vulnerability impacts eCommerce platforms, financial services, and customer support systems.
The flaw affects AI from major providers like Meta, Google, and OpenAI, potentially allowing malicious actors to manipulate AI systems. Microsoft advises businesses to implement stringent security measures to protect against these threats.
June 28, 2024 | Cybersecurity stress is rampant, with burnout costing U.S. businesses $626 million annually in lost productivity. A survey by Hack the Box reveals 74% of cybersecurity pros take time off due to work-related stress, impacting recruitment and retention. Addressing these issues through mental health support and clear career paths is crucial.
June 28, 2024 | Randy Watkins, CTO at Critical Start, discusses the critical importance of cyber risk profiling in preventing cyberattacks. Learn why organizations must proactively manage vulnerabilities to enhance resilience against sophisticated threats.
June 28, 2024 | A recent acquisition of the Polyfill domain by a Chinese company has turned it into a major supply-chain risk for over 100,000 websites. Originally a trusted JavaScript library used widely across industries, Polyfill.io is now accused of delivering malicious code, including redirects to illicit sites like sports betting and pornography.
June 28, 2024 | BlackBerry Limited’s latest Global Threat Intelligence Report reveals a sharp increase in cyberattacks, detecting 3.1 million in Q1 2024 — approximately 37,000 per day. The report highlights a 40% rise in unique malware samples and identifies a significant targeting of sectors like healthcare and financial services. Social engineering tactics are on the rise, exploiting vulnerabilities across various industries.
June 27, 2024 | Bugcrowd’s 2024 Inside the Mind of a CISO report highlights that 33% of security leaders believe companies sacrifice long-term security for cost savings. Additionally, 40% think few firms understand their breach risks. Despite concerns, 87% are hiring, with 56% reporting understaffing. Over 80% hold cybersecurity degrees, challenging perceptions on formal education.
June 27, 2024 | Researchers have uncovered three nation-state campaigns using advanced highly evasive and adaptive threat (HEAT) tactics to target sectors like banking, finance, insurance, legal, government, and healthcare. Named LegalQloud, Eqooqp, and Boomer, these campaigns have compromised over 40,000 users in 90 days, according to Menlo Security. The attackers use sophisticated techniques to bypass multi-factor authentication (MFA) and seize control of sessions, posing significant challenges for cybersecurity defenses.
June 27, 2024 | Organizations are increasing their cybersecurity budgets but remain uncertain about the effectiveness of their investments, according to Optiv’s 2024 Threat and Risk Management Report. While budgets have increased by 59% year-over-year, only 36% have a formal budgeting approach, leading to inefficiencies and missed opportunities. The report reveals that 61% of organizations experienced a data breach in the past two years, and 73% are adopting SOAR technology to improve incident response efficiency.
June 26, 2024 | Over 100,000 websites using Polyfill JS are now vulnerable to malicious redirects to sports betting and pornography sites. Sansec researchers found that the popular open-source code, recently acquired by Funnull, generates malicious activities based on HTTP headers. This highlights the risks of relying on third-party open-source projects.
[Read the full article]
June 24, 2024 | Outdated Android devices are under attack from “Rafel RAT,” a novel malware capable of stealing data and executing ransomware attacks, according to CheckPoint research. Over 120 global campaigns have been observed, targeting high-profile sectors like the military. Rafel RAT can access SMS, call logs, and contacts by exploiting user permissions through phishing campaigns. Modified versions include a ransomware module for encrypting files.
June 24, 2024 | Gartner’s latest report emphasizes the critical shift to proactive cybersecurity. The guide details how MDR services should include proactive threat identification and preemptive responses, enhancing threat prediction, prioritizing remediation, and optimizing resources for a robust cybersecurity posture.
June 24, 2024 | Security researchers warn of Rafel RAT, a malware targeting Android devices. Check Point Research identified multiple threat actors using Rafel for espionage and data theft, affecting mainly Samsung, Xiaomi, Vivo, and Huawei phones. Most infected devices run outdated Android versions, increasing vulnerability.
June 24, 2024 | Barracuda Networks’ new CRO, Geoffrey Waters, aims to drive new business and strengthen partnerships. Waters, previously with Check Point Software, VMware, and Intel, focuses on customer outcomes, sales excellence, and team unity to accelerate growth globally.
[Read the full article]
June 21, 2024 | Recent tech graduates face unique challenges and opportunities as they enter the cybersecurity workforce. Experts emphasize the importance of technical and soft skills, continuous learning, and exploring opportunities in various sectors beyond traditional tech.
June 20, 2024 | Security teams are adopting generative AI (GenAI) to enhance threat detection and response, phishing prevention, and anomaly detection. This technology helps summarize vast data, automate tasks, and improve cybersecurity resilience against evolving threats.
June 20, 2024 | A high-severity vulnerability in Phoenix Technologies’ SecureCore UEFI firmware, affecting hundreds of Intel CPUs, poses significant risks. Known as CVE-2024-0762, this vulnerability allows local attackers to escalate privileges and gain code execution within UEFI firmware.
June 19, 2024 | Medium to large enterprises face significant financial losses due to cybersecurity worker burnout, with annual losses averaging over $626 million in the U.S. Causes include stress, fatigue, and lack of support, highlighting the need for better mental health resources and team efficiency tools.
June 18, 2024 | As AI-driven cyber threats evolve, security teams must adopt advanced strategies to counteract them. Callie Guenther from Critical Start outlines six key areas for enhancing cybersecurity and staying ahead of attackers using AI technologies.
June 18, 2024 | As AI-driven cyber threats evolve, security teams must adopt advanced strategies to counteract them. Callie Guenther from Critical Start outlines six key areas for enhancing cybersecurity and staying ahead of attackers using AI technologies.
June 18, 2024 | In honor of Internet Safety Month, VM Blog gathers insights from top industry experts to help you stay safe online. Discover emerging threats, expert advice, and practical strategies to protect yourself and your family.
June 14, 2024 | Millions of Tile users’ personal information may have been exposed in a data breach where hackers accessed internal tools. While no financial info or location data was compromised, users should be cautious of phishing attempts.
March 25, 2024 | The US Department of Justice charged seven Chinese nationals linked to the APT31 threat group with cyber espionage, and the Department of the Treasury announced sanctions against their affiliated shell company, aiming to curb state-sponsored hacking.
June 13, 2024 | The Department of Homeland Security (DHS) and the Office of Management and Budget (OMB) have released AI roadmaps prioritizing ethical standards, privacy, and innovation. These policies align with the White House’s AI executive order, providing clear guidelines for responsible AI use in government operations.
June 13, 2024 | As technology evolves, IT and cybersecurity roles are merging, requiring tech professionals to acquire skills in both areas. This convergence is driven by advancements in AI, cloud computing, and IoT, highlighting the need for integrated security measures.
June 12, 2024 | Nvidia has issued patches for high-severity vulnerabilities in its GPU drivers and virtualization software, critical for preventing data theft and code execution attacks. These updates are vital for protecting AI workloads and data centers using Nvidia’s technology.
June 12, 2024 | Black Basta ransomware is believed to have exploited a Windows zero-day vulnerability (CVE-2024-26169) before a patch was available, highlighting the critical need for timely security updates and vigilant threat monitoring.
June 7, 2024 | A vulnerability in Ariane Systems’ kiosk platform (CVE-2024-37364) allows attackers to access guest data and create room keys. Exploiting this flaw can expose personal information and hotel operations. The issue has been patched in newer versions, but physical security and regular updates are crucial.
June 7, 2024 | A vulnerability in Ariane Systems’ hotel check-in kiosks, impacting over 3,000 hotels, allows attackers to access guest data and create unauthorized room keys. The flaw highlights the urgent need for proactive cybersecurity measures in the hospitality industry.
June 3, 2024 | SolarWinds’ SVP Krishna Sai emphasizes that generative AI is beneficial, not intimidating, helping organizations improve operations and customer satisfaction. SolarWinds AI, integrated into their IT service management products, demonstrates these benefits. Sai encourages embracing AI while being aware of regulatory and security considerations.
June 3, 2024 | Fastly researchers discovered vulnerabilities in popular WordPress plugins, including WP Meta SEO, WP Statistics, and LiteSpeed Cache, leaving millions of websites exposed to backdoor attacks. These vulnerabilities allow attackers to inject malicious scripts, create admin accounts, and insert PHP backdoors. Website administrators are advised to update plugins and implement security measures to protect their sites.
June 3, 2024 | A recent report reveals that 39% of Managed Service Providers (MSPs) find adapting to emerging cybersecurity solutions and technologies to be their greatest challenge. The report, based on a survey of 350 MSPs across the US, UK, Australia, and Germany, highlights the critical need for continuous staff training, strong vendor relationships, and flexible security solutions.
May 22, 2024 | The EPA has issued an urgent alert for U.S. water utilities to strengthen cybersecurity defenses against escalating threats, citing critical vulnerabilities and the necessity for immediate action. The alert outlines essential measures for risk assessments, network safeguards, incident response, and employee training to ensure compliance with the Safe Drinking Water Act.
May 21, 2024 | New AI guidelines from NIST highlight risks and best practices for developing and deploying generative AI technologies, emphasizing security and trustworthiness. Tech professionals must learn these lessons to stay current and enhance their career development.
May 20, 2024 | George Jones of Critical Start delves into the importance of distinguishing between cyber risks and threats. He highlights the need for organizations to adopt both risk-centric and threat-centric approaches to enhance their cybersecurity posture effectively.
May 18, 2024 | CISA has added two end-of-life D-Link routers to its Known Exploited Vulnerabilities catalog, urging immediate patching or retirement of the devices. The vulnerabilities (CVE-2014-100005 and CVE-2021-40655) allow attackers to hijack administrator sessions and steal login credentials.
May 15, 2024 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched the “vulnrichment” program to address delays in the National Vulnerability Database (NVD) caused by NIST’s reduced involvement. This initiative enriches CVEs with critical data such as CVSS scores, CWE, and CPE information, aiding better vulnerability management. CISA’s stakeholder-specific categorization helps prioritize vulnerabilities. Since its launch, over 1,300 CVEs have been enriched. This program is part of CISA’s broader efforts to enhance cybersecurity resilience across the U.S.
May 15, 2024 | In cybersecurity, distinguishing between vulnerabilities, threats, and risks is crucial. The article discusses the differences between risk-centric and threat-centric approaches in cybersecurity. It explains how each approach addresses specific threats like ransomware, phishing, and data breaches, and emphasizes the need for a balanced strategy tailored to an organization’s unique challenges.
May 15, 2024 | Dell Technologies reported a data breach affecting 49 million customers, exposing personal information through a poorly secured API. The breach has raised significant concerns about targeted phishing attacks and other potential cyber threats.
May 15, 2024 | NIST and CISA are addressing critical backlogs at the National Vulnerability Database (NVD) through new initiatives, including CISA’s ‘Vulnrichment’ project, to enrich CVEs with essential metadata and improve vulnerability management.
May 15, 2024 | CISA launches the ‘vulnrichment’ program to enrich CVEs with critical metadata, filling the gap left by NIST’s reduced involvement with the National Vulnerability Database. This initiative aims to improve vulnerability management and prioritize remediation efforts.
May 15, 2024 | Google released an emergency update for Chrome (CVE-2024-4761), an out-of-bounds write flaw in the V8 JavaScript engine. This marks the sixth Chrome zero-day patched in 2024. Users should update to version 124.0.6367.207/.208 on Windows/Mac and 124.0.6367.207 on Linux. Experts emphasize the critical nature of frequent zero-day discoveries and the need for prompt patching and additional security measures.
May 14, 2024 | Google released a patch for the sixth Chrome zero-day vulnerability of 2024 (CVE-2024-4761), an out-of-bounds write in the V8 engine. Discovered by an anonymous researcher, this flaw allows remote attackers to perform memory writes via crafted HTML. Despite no active exploitation reported, an exploit exists. Experts emphasize the importance of swift patching and robust cybersecurity measures.
May 14, 2024 | Google released an emergency update for Chrome, addressing a zero-day vulnerability (CVE-2024-4761) in the V8 JavaScript engine. This flaw allows attackers to escape the browser sandbox via crafted HTML pages. It is the sixth Chrome zero-day patched this year, with exploit code already circulating. Users should update Chrome immediately to prevent potential data breaches.
May 13, 2024 | Following a major cyberattack on Ascension health system, the AHA and H-ISAC issued alerts about the Black Basta ransomware group, which has increasingly targeted healthcare. Ascension is collaborating with law enforcement and sharing threat intelligence. The attack has severely disrupted clinical operations, leading to patient rescheduling and downtime procedures. Experts emphasize the importance of information sharing and advanced cybersecurity measures to mitigate such threats.
April 5, 2024 | CISA announced a new rule under the Cyber Incident Reporting for Critical Infrastructure Act, requiring significant cyber incidents to be reported within 72 hours and ransom payments within 24 hours. CISA Director Jen Easterly emphasized the rule’s role in enhancing cybersecurity coordination and response. The rule is expected to affect over 316,000 entities and cost an estimated $2.6 billion. The public comment period ends on June 3, 2024.
April 4, 2024 | The State Department is investigating an alleged cyber breach while the FCC considers regulating connected vehicles. In the Industry Voices segment, George Jones, CISO at Critical Start, shares strategies on maximizing cybersecurity investments to achieve optimal risk reduction. Jones discusses how security leaders can spend smarter and reduce risks effectively.
April 4, 2024 | Researchers have discovered a new malware downloader named “Latrodectus,” used by initial access brokers in email threat campaigns. Emerging after QBot’s disruption in 2023, Latrodectus uses sandbox evasion techniques to avoid detection, making it a potent tool for threat actors.
April 4, 2024 | Researchers from Proofpoint have identified a new malware called “Latrodectus,” likely developed by the creators of the banking trojan IcedID. This malware uses sandbox evasion techniques to deliver malicious payloads. Proofpoint expects increased use of Latrodectus by threat actors. The malware checks for sandbox environments and is distributed via impersonation campaigns.
April 3, 2024 | A Sophos report reveals ransomware attackers are increasingly targeting backups, making it harder for organizations to recover without paying a ransom. 94% of surveyed companies faced backup compromise attempts, leading to higher ransom demands. The report emphasizes secure, isolated backups as critical to minimizing ransomware damage and ensuring business continuity.
April 3, 2024 | The CVE List and National Vulnerability Database (NVD) are criticized for not being comprehensive or reliable sources of vulnerability information. Issues include incomplete listings and false positives, leading to potential security risks. Efforts are underway to improve the system with a consortium to address these challenges.
April 3, 2024 | The FCC’s new voluntary cybersecurity labeling program for IoT devices aims to enhance consumer awareness and protection. By providing clear cybersecurity information through a U.S. Cyber Trust Mark and QR code, the program promotes transparency and security. This initiative can help mitigate risks in critical sectors like energy, healthcare, and manufacturing, ensuring safer IoT deployments.
April 2, 2024 | Vietnam’s rapid economic growth has led to a surge in cybercrime, including ransomware attacks and the use of junk bank accounts for financial fraud. The government is working to strengthen cybersecurity, but challenges persist due to widespread use of pirated software and limited cybersecurity awareness among users.
April 2, 2024 | Microsoft’s release of Copilot for Security integrates AI into its security offerings, providing MSSPs with opportunities to enhance productivity and efficiency in security operations. Despite initial concerns about pricing models and integration, the tool shows promise in augmenting SOC capabilities and creating new revenue streams for MSSPs.
April 1, 2024 | Due to data security concerns, the US House of Representatives has banned staff from using Microsoft’s AI Copilot, citing potential risks of data leakage to unauthorized cloud services. Microsoft plans to address these concerns with a secure government version later this year.
April 1, 2024 | The US House of Representatives has banned staff members from using Microsoft’s AI chatbot Copilot due to concerns over data security and potential leaks to non-House approved cloud services. This decision aligns with a previous ban on ChatGPT and reflects the government’s cautious approach to AI regulation. Microsoft plans to release a secure government version of Copilot this summer to address these concerns.
April 1, 2024 | As World Backup Day 2024 approaches, industry experts share insights on the importance of robust backup strategies to protect against data loss, ransomware, and cyberattacks. Learn how to safeguard your digital assets and ensure business continuity.
March 27, 2024 | A recent White House letter warns that critical infrastructure, especially water and wastewater systems, is a major target for foreign state-sponsored cyberattacks, urging immediate cybersecurity improvements.
March 25, 2024 | A new wave of StrelaStealer malware campaigns has impacted over 100 organizations in the EU and US, with attackers updating their methods to evade detection through spearphishing and advanced obfuscation techniques.
March 25, 2024 | The US Department of Justice charged seven Chinese nationals linked to the APT31 threat group with cyber espionage, and the Department of the Treasury announced sanctions against their affiliated shell company, aiming to curb state-sponsored hacking.
March 18, 2024 | In her article for SC Media, Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, advocates for a paradigm shift in cybersecurity from a reactive to a proactive approach.
She emphasizes the importance of integrating proactive vulnerability intelligence (VI) within vulnerability management systems (VMS) to anticipate and mitigate potential threats before they materialize into breaches.
Guenther cites the recent ransomware attack on Change Healthcare as an example of the devastating consequences of relying on a reactive model and highlights how proactive VI could have offered multiple layers of defense.
The article underscores the strategic advantages of embracing proactive VI within VMS, including enhanced threat prediction, prioritized remediation efforts, and optimized resource allocation.
Guenther envisions a future where the integration of proactive VI and VMS, coupled with advancements in AI and machine learning, becomes the foundation of adaptive and resilient cybersecurity strategies.
February 13, 2024 | In his Forbes Council Post, Randy Watkins, CTO of Critical Start, emphasizes the significance of adopting cybersecurity frameworks like NIST CSF and ISO/IEC 27001 for enterprise security teams.
He outlines how these frameworks provide a structured approach to enhancing an organization’s security posture by covering critical aspects such as identification, protection, detection, response, and recovery.
The article also highlights the benefits of aligning security measures with these frameworks to develop comprehensive roadmaps, justify budget allocations, and cautions against overreliance on any single framework, given the unique needs of each organization and the ever-changing cyber landscape.
Ultimately, Randy advocates for fully integrating cybersecurity frameworks into holistic risk reduction strategies, enabling organizations to measure and optimize their security posture over time accurately.
October 11, 2023 | The education sector is increasingly targeted by cyber threats, with 29% of attacks on K-12 schools originating from vulnerability exploitation, and 30% from phishing campaigns in 2023, according to a report by cybersecurity solutions provider Critical Start. The report highlights the growing use of Quick Response (QR) codes in phishing attacks, where cybercriminals disguise themselves as Microsoft security notifications and embed QR codes within PNG images or PDF attachments. Ransomware groups are collaborating more extensively, sharing tactics and procedures, while Microsoft Teams’ vulnerability allows external accounts to send harmful files directly to an organization’s staff, increasing the risk of successful attacks.
October 10, 2023 | A robotics hacker, Alan Meekins (Nullagent), created RFParty, a service enabling people to monitor police activity using Bluetooth, exploiting vulnerabilities in law enforcement equipment provider Axon’s devices. Meekins discovered that Axon uses Bluetooth to tie together hardware like body cameras, Tasers, firearms, and dash cameras. Accessing Bluetooth data, such as the MAC address of a bodycam, could be valuable to citizens seeking to monitor police activity. While Meekins’ RFParty service isn’t designed to track police, it maps common IoT devices, including police objects like bodycams. Cybersecurity experts note that Bluetooth connections offer a broader attack surface than wired connections, and vulnerabilities in Bluetooth are discovered semi-regularly. While Bluetooth security can vary, the threat to consumers is considered marginal, with good security hygiene recommended.
October 9, 2023 | Amnesty International reported a series of Predator spyware attacks targeting civil society, journalists, politicians, and academics in the European Union, the United States, and Asia. The human rights group called for a worldwide ban on spyware, stating that the attacks are so serious that the developers of Predator, the Intellexa alliance, have done nothing to limit the use of this spyware. The Amnesty International investigation is part of the ‘Predator Files’ project, and those targeted include members of the U.S. Congress, the President of the European Parliament, the Taiwan President, and others. The spyware provides unfettered access to a device’s microphone and camera and all its data. Social media platforms, including X and Facebook, were used to publicly target at least 50 accounts, according to Amnesty International. The Citizen Lab independently confirmed Amnesty’s findings concerning Predator and assessed with “high confidence” that the threat actor included Cytrox Predator infection links in replies to numerous U.S. and international officials and others. The targeting of high-ranking officials and journalists demonstrates the strategic deployment of this spyware, with a clear motive to gain insights into policy-making or to quell dissent.
October 3, 2023 | Amazon Web Services (AWS) has issued a warning regarding a vulnerability affecting TorchServe, a tool used by major companies to incorporate artificial intelligence (AI) models into their operations. The bug, named CVE-2023-43654 and part of a set of vulnerabilities named “ShellTorch” by researchers from Oligo, exposes important administrative tools to the open internet. Oligo discovered that hackers could potentially view, modify, steal, or delete AI models and sensitive data between a company and the TorchServe server. The vulnerabilities highlight the risks associated with AI models relying heavily on open-source software. AWS urges users to update TorchServe to resolve the issue.
October 3, 2023 | A group of 56 cybersecurity leaders, including professionals from ESET, Rapid7, the Electronic Frontier Foundation, and Google’s Vint Cerf, have criticized the European Union’s (EU) proposed one-day vulnerability disclosure requirement under the Cyber Resilience Act (CRA). In an open letter, they argue that the CRA’s requirement for software publishers to disclose unpatched vulnerabilities to government agencies within 24 hours of exploitation could create a tempting target for malicious actors and have a chilling effect on good-faith security researchers. They suggest that disclosing vulnerabilities prematurely may interfere with the coordination and collaboration between software publishers and security researchers.
October 2, 2023 | Cisco has identified and released patches for a vulnerability (CVE-2023-20109) affecting the Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software. The flaw has a CVSS severity score of 6.6 out of 10, and a successful exploit could allow an attacker to execute arbitrary code and gain full control of the affected system or cause it to reload, resulting in a denial of service (DoS) condition. While the vulnerability is serious, experts note that a successful exploit would require a hacker to be deeply embedded in an organization’s systems, making it likely that the bug would be used for privilege escalation in an already-compromised system.
September 29, 2023 | Progress Software has issued patches for critical vulnerabilities in its WS_FTP Server, impacting versions prior to 8.7.4 and 8.8.2. One of the vulnerabilities, CVE-2023-40044, with a CVSS score of 10.0, is a .NET deserialization flaw in the Ad Hoc Transfer module that allows pre-authenticated attackers to execute remote commands on the underlying operating system. Another critical flaw, CVE-2023-42657, with a CVSS score of 9.9, is a directory traversal vulnerability that enables attackers to perform unauthorized file operations on the underlying operating system. Organizations are advised to apply patches promptly or upgrade to the latest version (8.8.2) and plan for system outages during the upgrade process.
September 27, 2023 | The U.S. and Japanese governments have issued a joint advisory warning about BlackTech, a Chinese-linked hacking group actively targeting and exploiting routers, especially those from Cisco Systems Inc. BlackTech, also known as Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has shown capabilities in modifying router firmware without detection and exploiting routers’ domain-trust relationships to pivot between international subsidiaries and headquarters in Japan and the U.S. The threat group targets various sectors, including government, industrial, technology, media, electronics, and telecommunications, affecting entities supporting the U.S. and Japan militaries. The advisory urges organizations to review subsidiary connections, verify access, implement zero trust models, and adopt mitigations against known attack paths to detect and protect against BlackTech’s activities.
September 27, 2023 | A previously disclosed vulnerability, first tracked as CVE-2023-4863 and later marked as CVE-2023-5129 with the highest CVSS severity rating of 10 out of 10, is found to affect a wider range of applications than initially assumed. Originally announced as a Chrome browser issue, researchers later traced it back to the open-source libwebp library. This library, used by multiple browsers and image editors, was discovered in several popular container images’ latest versions, including Nginx, Python, Joomla, WordPress, Node.js, and more. The vulnerability poses significant risks due to its high severity and the potential for remote code execution, making it crucial for organizations to thoroughly inventory their software assets to ensure comprehensive mitigation.
September 22, 2023 | Apple has patched three zero-day vulnerabilities actively exploited in the wild, bringing the total fixed zero-days this year to 16. Security researchers believe commercial spyware vendors are behind the attacks. The vulnerabilities were reported by Bill Marczak of The Citizen Lab and Maddie Stone of Google’s Threat Analysis Group. The fact that many of these vulnerabilities were discovered by groups that focus on state-sponsored and high-level cyber-espionage campaigns suggests that Apple devices are being targeted in sophisticated attacks against high-profile individuals. The zero-days patched include vulnerabilities in WebKit browser, Security Framework, and Kernel Framework. The use of zero-day vulnerabilities by commercial spyware vendors is on the rise, and the exposure of these vulnerabilities raises the cost of doing business for them. Apple’s new Rapid Security Response (RSR) model separates critical security patches from functional updates, allowing the company to address vulnerabilities more quickly and efficiently.
September 15, 2023 | The threat group ALPHV, responsible for the recent cyberattacks on MGM Resorts and Caesars Entertainment, claims to have breached MGM’s systems by exploiting vulnerabilities in the Okta platform, specifically the Okta Agent. The group states that MGM Resorts hastily shut down its Okta Sync servers after learning of the intrusion, resulting in Okta being completely out. ALPHV indicates that they lurked in the Okta Agent servers, sniffing passwords of individuals. The group subsequently launched ransomware attacks against over 1,000 ESXi hypervisors on September 11. ALPHV threatens further action if a financial arrangement is not reached, claiming ongoing access to some of MGM’s infrastructure. Okta’s chief security officer acknowledges a social engineering component to the attack but highlights that the attackers were sophisticated enough to deploy their identity provider and user database into the Okta system. Okta had previously warned of social engineering attacks attempting to gain highly privileged access. The incident raises concerns about potential future cyberattacks targeting high-privilege users and emphasizes the importance of robust security hygiene, continuous monitoring, and threat intelligence sharing.
September 14, 2023 | The recent ransomware attacks on MGM International and Caesars Entertainment by the Scattered Spider group highlight the threat of known tactics and techniques that have been well-documented for months. The group utilizes the Bring Your Own Vulnerable Driver (BYOVD) technique, exploiting vulnerabilities in drivers like the Intel Ethernet diagnostics drivers to gain elevated privileges within Windows systems. While initial compromises may involve social engineering, the subsequent actions inside the network, especially if using advanced tactics like BYOVD, could significantly impact the severity of the breach. Scattered Spider, also known as UNC3944, operates as a financially driven threat actor, and their attacks raise concerns about the security of large organizations. The recent incidents indicate a potential shift in focus from traditional ransomware-as-a-service (RaaS) activities to advanced threat actor tactics. The security industry emphasizes the need for organizations to enhance security measures against such sophisticated threats and urges a comprehensive defense strategy beyond conventional security products.
September 12, 2023 | MGM Resorts is dealing with a cyberattack that has left its hotel operations, especially in Las Vegas, in disarray. The incident, suspected to be a ransomware attack, impacted key card systems, locking guests out of their rooms and causing disruptions to slot machines. While the company is actively investigating with external cybersecurity experts and law enforcement, its websites remain offline. Security experts see signs of a ransomware attack, given the widespread outages, but other possibilities, such as a distributed denial-of-service (DDoS) attack or an advanced persistent threat (APT) group, are not ruled out. The recovery process is now in the hands of MGM Resorts’ security teams.
September 12, 2023 | A new trend called “jailbreaking” has emerged in the world of AI chatbots, where users exploit vulnerabilities to bypass safety measures, potentially violating ethical guidelines and cybersecurity protocols. This practice allows users to unleash uncensored and unregulated content, raising ethical concerns. Online communities share tactics to achieve these jailbreaks, fostering a culture of experimentation. Cyber-criminals have also developed tools for malicious purposes, leveraging custom large language models. While defensive security teams work on securing language models, the field is still in its early stages, and organizations are taking proactive steps to enhance chatbot security.
September 8, 2023 | Cybercriminals are exploiting the acceptance of Telegram “mods” in the Google Play store to distribute “Evil Telegram,” a spyware campaign. Using modified versions of Telegram, these attackers, trading on users’ trust in Telegram’s security, create a new avenue for cyberespionage. Kaspersky identified infected apps like “Paper Airplane,” which appear as legitimate Telegram clones but contain a hidden spyware module. These apps, downloaded over 60,000 times, target users in China, particularly the Uyghur ethnic minority, raising concerns about potential government surveillance. Businesses are urged to remain vigilant, as mobile spyware poses risks such as unauthorized access to sensitive data and compromised employee information. Kaspersky researchers reported the apps to Google for removal, emphasizing the need for caution even with official app stores.
September 8, 2023 | Cisco Talos researchers uncovered a cryptocurrency-mining scheme targeting graphic designers and 3D modelers. Active since November 2021, the attackers use the legitimate Windows tool “Advanced Installer” to bundle mining malware with software like Adobe Illustrator. The focus on graphic design and 3D modeling tools is due to their high GPU power, ideal for mining. Malicious scripts, hidden in the installation process, deploy threats like the M3_Mini_Rat backdoor and mining malware (PhoenixMiner, lolMiner). The campaign, mainly affecting French-speaking users, emphasizes the need for caution during software installation. Persistent and difficult to detect, such campaigns highlight the importance of collaboration between operations and security teams.
September 7, 2023 | For the second time in the last few years, North Korean state-sponsored attackers targeted security researchers. With an all new zero-day vulnerability, fake software tool, and extensive phishing, these operations are aiming to not only steal information but also gather insight into defense mechanisms. Critical Start’s Senior Manager of Cyber Threat Research, Callie Guenther, sat down with Dark Reading to talk about the recent return of these threat actors, and their strategic targeting of those involved in cybersecurity research.
September 7, 2023 | Advanced Installer, a legitimate windows tool, is being hijacked by threat actors, in order to create software packages to drop cryptocurrency mining malware on computers. The main targets are heavy users of 3D modeling and graphic design in France and Germany. In this SC Magazine article, Critical Start’s Senior Manager of Cyber Threat Research, Callie Guenther, discusses the various methods and motivations these attackers may use to choose their targets.
September 4, 2023
Instagram’s new Threads is already proving to be a target for fraud and abuse, with several potential security and compliance risks associated with its use for organizations. Learn about some of these vulnerabilities from Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research and how organizations can protect against these risks.
August 29, 2023
Web apps that contain Personally Identifiable Information (PII) are prime targets for threat actors due to the valuable data being stored. No platform is safe from cyber attacks or vulnerabilities, and these internet-exposed applications are no different. What are the true consequences of a breach for these web apps, and how they safeguard against vulnerabilities? Learn more from Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, in this SC Magazine article.
August 28, 2023
Learn the key findings in Critical Start’s new Cyber Risk Landscape Peer Report.
August 25, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed with The Record about the use of open-source tools with the new strain of malware from North Korea’s Lazarus group.
August 23, 2023
Critical Start’s Callie Guenther, Sr. Manager Cyber Threat Research, discussed the return of the XLoader macOS malware with Infosecurity Magazine and warnings for macOS users.
August 23, 2023
Critical Start’s Cyber Risk Landscape Peer Report was featured in Security Magazine.
Channel Futures highlights Critical Start’s MCRR launch and new Vulnerability Prioritization offering.
August 7, 2023
Critical Start’s CTO, Randy Watkins, was featured in SC Magazine discussing the recent Prospect Medical Holdings ransomware attack and how hospitals can mitigate this risk in the future.
August 2, 2023
Critical Start’s Ian Todd, detection engineer, discussed the rise of C2Ps with Security Boulevard.
Critical Start’s Cyber Risk Confidence Index was featured in Secure World
August 1, 2023
Critical Start’s CISO, George Jones, spoke with SC Magazine on the spike in zero-day vulnerabilities throughout Summer 2023, and what this means for the future.
July 19, 2023
Critical Start’s CISO, George Jones, discusses IT talent shortage with Information Week and how to combat those shortages and delays.
July 17, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed the recent Cisco Nexus 9000 vulnerability with Security Boulevard.
July 14, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, provided insight into the recent Cisco vulnerability with Information Week and the potential impact.
July 14, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, wrote a guest column with SC Magazine on the steps organizations should take following the recent state-sponsored cyberattack.
July 11, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed with Dark Reading the recent Mastodon vulnerabilities and how it impacts its overall security.
July 10, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, was featured in Security Week discussing NATO’s view on cyberattacks ahead of the July 2023 NATO Summit.
July 10, 2023
Is your cybersecurity team ready for a crisis? Critical Start’s CISO, George Jones, shared practical tips with CSO Magazine, about preparing your cybersecurity team for a crisis.
July 6, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed Cisco’s new vulnerability with SDX Central.
July 5, 2023
In response to the Nagoya Port ransomware attack, Critical Start’s Sr. Manager, Cyber Threat Research, Callie Guenther, shared practical steps to proactively protect your organization against ransomware attacks.
July 5, 2023
Should tech pros prioritize cybersecurity certifications? Critical Start’s CISO, George Jones, shared his thoughts on cybersecurity certifications and tech career advancement with DICE Insights.
June 28, 2023
What’s the future of Russia cybercrime? Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed the release of the FIS security assessment and Russia’s increased cyberattacks with Dark Reading.
June 28, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, was featured in Security Magazine discussing how to mitigate the latest BlackLotus threat.
Read full article
June 23, 2023
Critical Start’s CISO, George Jones, shared vital career advice for new tech grads with Dice Insights. Learn why both technical and business skills are crucial for a successful career in cybersecurity.
June 22, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, offers commentary on the new strain of JavaScript dropper with SC Magazine
June 22, 2023
Silicon Angle discussed the new JavaScript-based malware dropper with Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research. Learn how this brings new challenges for cybersecurity defenses.
June 22, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed the latest LockBit news and developments with Dark Reading. Can LockBit deliver embedded ransomware?
June 21, 2023
Identity threat detection and response (ITDR) programs are vitally important for organizations. Critical Start’s CISO, George Jones, spoke with Information Week on preparing and engaging employees when implementing ITDR.
June 20, 2023
Critical Start’s CTO, Randy Watkins, spoke with Security Week on the importance of adding an organization’s CISO as a board member.
June 19, 2023
Critical Start’s Callie Guenther, Sr. Manager, Cyber Threat Research, discussed with Dark Reading about the potential NSO sell-off and the ramifications.
June 15, 2023
A recent survey identified 200 CISOs’ and IT Decision Makers’ expectations and challenges in their cybersecurity systems. Critical Start’s CISO, George Jones, spoke with Security Boulevard about the increased confidence in cybersecurity systems and how to maintain it.
June 13, 2023
Article in Security Magazine featuring Critical Start’s H1 2023 Cyber Threat Intelligence Threat Report. Find key takeaways and commentary on the top threats of the first half of 2023.
June 13, 2023
Cyber Wire’s daily briefing, Featuring Critical Start’s H1 2023 Cyber Threat Intelligence Threat Report as a trend. Find key takeaways and commentary on the top threats of the first half of 2023.
June 13, 2023
Article in Enterprise Security Tech featuring Critical Start’s H1 2023 Cyber Threat Intelligence Threat Report. Find key takeaways and commentary on the top threats of the first half of 2023.
June 9, 2023
Several noteworthy vulnerabilities were discovered in the First Half of 2023. Critical Start’s Callie Guenther discussed with Info Security Magazine about these vulnerabilities and what security teams should do to stay ahead of these threats.
June 6, 2023
More organizations are investing in cybersecurity certifications, but do they enable the organization’s security team to effectively mitigate evolving cybersecurity threats? Critical Start’s CISO, George Jones, spoke with Security Boulevard on the growing concern of the lack of systems and metrics to demonstrate cybersecurity resilience.
May 23, 2023
A new kernel driver was recently discovered in the BlackCat ransomware through several incidents. Critical Start’s Cyber Threat Intelligence Manager, Callie Guenther, was interviewed by SC Magazine about the BlackCat ransomware and the response. Read her commentary and the full article below.
May 22, 2023
Hundreds of United States Postal Service (USPS) workers fell victim to a cyber attack where hackers intercepted payroll login information and rerouted paychecks . Critical Start’s Chief Technology Officer (CTO), Randy Watkins, shared his thoughts on this incident. Check out his commentary and the full article below
May 22, 2023
Critical Start’s Chief Technology Officer (CTO), Randy Watkins, spoke with ITPro on the evolving third-party software vulnerabilities. With many businesses using third party software and vendors, these vulnerabilities pose a major risk to businesses of all sizes. Watkins discusses how mitigating risk and MDR services are important tools to reducing third-party software vulnerabilities.
May 18, 2023
Critical Start was included as one of 10 MDR security vendors making moves so far in 2023 by CRN. In a recent interview with CRN, Critical Start’s CTO, Randy Watkins, discussed the company’s updates so far in 2023 and how Critical Start’s MDR platform resolves every single alert.
May 18, 2023
DICE Insights interviewed Critical Start’s Chief Information Security Officer (CISO), George Jones, on the growing cybersecurity consultant career path. Read more about what’s driving this growth, the necessary skills, and opportunities to jump into the cybersecurity consultant career path.
April 11, 2023
Critical Start’s Chief Information Security Officer (CISO), George Jones, was featured in DICE Insights discussing how an IT Auditor can lay the foundation for a successful cybersecurity career. Jones shares more about the skills needed to be an IT Auditor and what he looks for in hiring IT Auditors.
March 22, 2023
Critical Start’s Chief Technology Officer (CTO), Randy Watkins, discussed with IT Brew the importance of offboarding practices for users to keep patch management progressing.
February 13, 2023
Our CEO Rob Davis sat down with the Dallas Business Journal to discuss Critical Start’s beginnings, new international expansion, and thrilling things to come in the cybersecurity industry.
After seeing numerous cyberattacks on business and government organizations while holding various leadership roles at a previous network security company, Davis created Critical Start in 2011. Since then, we have gone from a startup in 3,000 square foot office space to one of the fastest-growing private companies in North Texas in 2022. Not only will we add headcount over the next several years to continue to bring value to our customers who use our Managed Detection and Response (MDR) services, but we are also growing globally with a new location in Pune, India.
When asked what opportunity he is most excited about for Critical Start, Davis responded:
“I’m incredibly excited about how the cybersecurity market is transforming from buying products and services to a focus on outcomes that impact the business. The cybersecurity market is making a transition to customers wanting to purchase the outcome of reducing the risk of a cybersecurity breach.”
Check out the full article and Q&A to learn:
November 27, 2022
The Dallas Morning News featured Critical Start’s CEO, Rob Davis, among the top 100 CEOs.
October 6, 2022
Critical Start was recognized as one of the fast-growing private companies in North Texas in 2022.
September 20, 2022
Critical Start’s CTO, Randy Watkins, spoke with Dark Reading on the recent cyberattacks at American Airlines and Revolut.
June 3, 2021
Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem. Today’s lineup includes:
Today’s MSSP and Cybersecurity News Alerts
Cybersecurity Partnerships and Strategic Alliances
MSSP and Cybersecurity Virtual Events and Conference Calendar for June
Featured in MSSP News June 3, 2021
May 31, 2021 |
Forty-seven percent of cyber security professionals are investigating only 10-20 threats per day, according to a report from Critical Start. Sixty-eight percent reported that up to three quarters of the threats they do investigate are false positives. And for so many CISOs, dealing with the nagging issue of a potential security breach and the ethical mandate to disclose and create dialogue turns instead to yet another task on the to-do list. Learn more in this Security Magazine article.
A cybersecurity expert warned that the alleged Russian hack of SolarWinds software, which affected top government agencies, is “probably an 11” in terms of seriousness on a scale of one to 10.
The U.S. Department of Homeland Security warned on Sunday that users of SolarWinds should disconnect or disable the software after it was discovered hackers had compromised an update from the company earlier this year. Unidentified sources told Reuters and the Associated Press that Russian hackers were believed to be behind the cyberattack, which hit federal government agencies and many of the nation’s top companies.
“It’s been said on a scale of one to 10 this is probably an 11 for the type of attack, the magnitude and the potential damage it’s done,” cybersecurity analyst Mark Wright, the chief security adviser at California-based cybersecurity startup Sentinel One, told Fox News on Monday morning. “Not from an infrastructure standpoint like going after the energy grid or taking things down. But simply from the loss of information, the stealing of secrets, especially very sensitive information and the fact that this was going on for months.”
“We have yet to even understand how big the damage assessment will be. But I guarantee you, by the time it’s done, it will be far worse than what we think it is right now because we still haven’t uncovered all of the people who have been attacked by this campaign,” Wright said.
Randy Watkins, the chief technology officer of Texas-based cybersecurity firm CRITICALSTART, said in an email to Newsweek that the goals of hackers can be financial as well as theft and data destruction.
“The primary motivation for cyber attacks are monetary, theft, and destruction. While many news cycles have covered the more consumer-facing monetary impacts of ransomware, campaigns for theft and destruction of data are still being heavily waged,” Watkins said.
The cybersecurity expert added the incoming administration of President-elect Joe Biden “will have to recognize the growing threat of cyber attacks from prominent world powers and terrorist nations alike.”
The new hack has affected Treasury Department and Commerce Department emails, and SolarWinds software is used by many other federal agencies including the Pentagon, the White House and NASA. Reuters reported Monday that the Department of Homeland Security was impacted as well. SolarWinds’ website says that “more than 425 of the U.S. Fortune 500” companies use its software as well. NBC News reported Monday that thus far, there is no evidence that classified U.S. government networks were breached. The scope of the attack remains under investigation.
In a Monday update, SolarWinds suggested that thousands of clients had potentially been impacted by the vulnerability, which had arisen through an update in the spring. “SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” the company said.
Russia has denied any involvement in the cyberattack. But Moscow’s efforts to interfere in government and private systems around the world have been well documented and reported by U.S. and allied intelligence agencies. It is typical for Russia—or other nations—to deny involvement with such attacks when they are accused. China and Iran have also recently been accused of carrying out cyberattacks against the U.S.
“I reject these statements, these accusations once again,” Dmitry Peskov, a spokesperson for Russian President Vladimir Putin said Monday, Russia’s Tass news agency reported. Peskov added: “It is wrong to groundlessly blame Russians right away. We have nothing to do with this.”
Featured on Channel Futures | December 9, 2020
This week’s FireEye breach is distressing for the cybersecurity industry as a whole and could have wide-ranging impacts on providers.
That’s according to cybersecurity experts who weighed in on the FireEye breach. The attacker has stolen assessment tools used to test FireEye’s customers’ security.
Kevin Mandia, FireEye’s CEO, reported the attack, saying it’s by a “nation with top-tier offensive capabilities.”
“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” he said. “The attackers tailored their world-class capabilities specifically to target and attack FireEye.”
The attackers are highly trained in operational security, and executed with discipline and focus, Mandia said. Moreover, they operated clandestinely, using methods that counter security tools and forensic examination.
“And they used a novel combination of techniques not witnessed by us or our partners in the past,” he added.
The FireEye breach is being investigated by the company in coordination with the FBI and other key partners, including Microsoft.
The attacker targeted and accessed certain Red Team assessment tools. These tools mimic the behavior of many cyber threat actors. They also provide diagnostic security services to FireEye’s customers.
None of the tools contain zero-day exploits. FireEye is releasing methods and means to detect the use of its stolen Red Team tools, Mandia said.
“We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them,” he said. “Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.”
There’s no evidence that any attacker has used the stolen Red Team tools, Mandia said.
“We, as well as others in the security community, will continue to monitor for any such activity,” he said. “At this time, we want to ensure that the entire security community is both aware and protected against the attempted use of these Red Team tools.”
Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers, Mandia said.
“While the attacker was able to access some of our internal systems, at this point in our investigation, we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems,” he said. “If we discover that customer information was taken, we will contact them directly.
Randy Watkins is CRITICALSTART‘s CTO. He said the FireEye breach highlights major concerns in the security industry.
“First, everyone is a target,” he said. “Attackers continue to leverage less secure third parties to access information that is interesting to them. Second, attackers are advancing. Even FireEye is vulnerable to well-orchestrated, well-funded and persistent attacks. Though the Red Team tools compromised do not contain any zero-days, many organizations lack proper patching protocols, and could likely be vulnerable to some of the attacks from older exploits.”
A third and final lesson learned is that security organizations, private industry and government agencies must work together and find a common enemy in the attackers to “create a country more resilient to cyberattacks,” Watkins said.
Mike Puglia is chief product officer at Kaseya. He said the FireEye breach is troubling for the security industry for two reasons: how the attacker accomplished it and what they obtained.
“This was a very customized, almost surgical strike by nation-state actors against a specific private entity that provides security for some of the world’s most sensitive information, including U.S. national defense assets,” he said. “This is a major escalation of the nation-state cybercrime crisis. And it indicates that this already pernicious problem is still ramping up. This breach also allowed bad actors to obtain extremely valuable, cutting-edge technologies used to stop cybercriminals and spies from accessing critical secure systems and data. Unfortunately, not only does snatching those tools give them the opportunity to learn precisely how to beat them, but it also gives them an advantage in beating future defensive solutions built with similar technology.”
Nation-state cybercrime has been a major cybersecurity topic in 2020, Puglia said. That’s because it’s consistently becoming more common and more dangerous.
“While insulating your business against this exact attack type isn’t feasible, there are several long-term and short-term precautions you can take to make your business safer against more common types of nation-state attacks,” he said. “Insist that all of your clients add a secure identity and access management solution that includes multi-factor authentication (MFA) to throw up a roadblock between hackers looking for a quick win and your client’s data and systems. Also, strongly suggest that your clients add both secure backup capability to make their data quickly restorable in the event of an incident and dark web monitoring to guard against dark web threats like nation-state hacking through credential compromise.” Kevin Beasley is CIO of VAI, a midmarket enterprise resource planning (ERP) software developer.
“This breach will probably have a significant impact on the security industry,” he said. “For how long is unknown. Hackers used novel methods unfamiliar to FireEye and many other companies. This presents a unique challenge as the security industry will have to innovate and develop new solutions and software to combat and prevent breaches as hackers are advancing their methods and as they’re utilizing FireEye stolen tools. Many security tools and software solutions monitor for suspicious activity. But if new techniques are being utilized that are not detected by the current security tools set in place, then IT teams won’t be notified and efforts to breach the system can go unnoticed until it’s too late.”
“The scariest part of the FireEye breach is that the hackers used FireEye-developed tools as a weapon,” Beasley said. “Cybersecurity providers must work hard to protect internally developed tools that could potentially later be compromised and used for harm rather than good.”
Additionally, providers should take note of FireEye’s response to the breach, Beasley said.
“Even though bringing the news to the public caused the company’s shares to drop, the disclosure of the event will help mend FireEye’s reputation going forward, and maintain public trust,” he said. “Also, the company releasing countermeasures is a huge testament to its determination to stop the hackers and prevent future breaches. In the unfortunate case that another company or business experiences a breach, responding to the event in a similar manner is a good route to take.”
Featured on Fox 2 KTVU | December 4th, 2020
Tens of millions of Americans participated in cyber shopping during the weekend after Thanksgiving. Between Black Friday and Cyber Monday, deck KTVU’s Frank Mallicoat spoke to cybersecurity expert Randy Watkins, CTO of CRITICALSTART, a cybersecurity firm in Texas, about how to protect your personal information online
Featured on Fox News 13 Tampa | December 1, 2020
This holiday season is set to shatter online shopping records, as the pandemic pushes consumers online and shoppers are scoring deals from the safety of their homes.
The traditional Thanksgiving weekend shopping spree turned into a long lineup of digital deals this year.
“So it’s no longer just Black Friday to Cyber Monday, it’s two weeks before Thanksgiving and three weeks after Thanksgiving,” said Randy Watkins, chief technology officer for CRITICALSTART.
He says the convenience of shopping from the sofa also comes with serious threats. Usually, the hackers get into your accounts through your email.
The scammer’s goal is to get you to open an attachment that could install malicious software, or persuade you to enter private data like credit card information, usernames and passwords so they can steal your hard-earned money.
“An attacker does not care about your Walmart account, your Target account, your Amazon account, what they care about is that you probably use that same username and password for your Chase account, your Wells Fargo account, your Bank of America account,” Watkins said.
With all the deceptive ads and phishing attacks, it is tough to know what to trust. Experts say to be on the lookout for fake websites and emails that look like the real thing. Instead of clicking links, navigate to the website on your own and only shop with reputable retailers.
“If it seems too good to be true, it probably is. You’re not gonna get the $5,000 TV for $400,” said Watkins.
In the Tampa Bay area, scammers trick people out of millions of dollars every year, which is why you need to be vigilant and skeptical when loading up your shopping cart online.
“The tricky thing about this is it’s really hard to catch the people who perpetrate these,” explained Hillsborough County State Attorney Andrew Warren. “It’s hard to identify them, it’s hard when they don’t live in this country, and it’s really hard to prosecute them. That’s why the best response to this is trying to protect yourself before the fraud ever occurs so that the scammers never end up taking your money.”
Tips to Guard Against Attackers: https://www.criticalstart.com/how-retailers-can-be-ready-for-black-friday-and-cyber-monday/
Retail stores should be taking heightened security measures during the holiday season to protect their customers against cyberattacks, according to a cybersecurity company.
Black Friday may be more prone this year to cyberattacks as more consumers are choosing to shop online due to the coronavirus pandemic, cybersecurity company CRITICALSTART said recently.
Experts like Randy Watkins with CRITICALSTART, a Managed Detection and Response company that monitors cyber-attack detections, says extra caution is necessary when you’re digging for deals.
There are several ways to watch out for your personal information while you surf the internet to ensure your holiday shopping is “hacker free.”
“They don’t even really have to hack, they just have to convince you to give them your information,” Watkins said.
The first thing he says is to always be skeptical.
“Unfortunately, we have to live in a world of skepticism and vigilance when it comes to our security,” he added.
For all you online shoppers, he says, steer clear of site impersonations.
“An attacker will attempt to look like a large retailer and they will approach the user and convince them to log in to that website to capture the username and password,” Watkins said.
Hackers and scammers may use the large window of deals that retailers have created to lure potential victims to provide their sensitive information.
“A flood of aggressive advertising via social media and email may prompt consumers to dismiss red flags, making them even more susceptible to credential-harvesting phishing scams, account takeover and fraud,” the company said.
Consumers can protect themselves from having their information stolen from criminals in the following ways:
By Brian Womack
Dallas Business Journal | November 15, 2020
Plano’s Tyler Technologies was hit by an attack that’s become increasingly common today.
The software company, which assists local and state governments, in September announced it was hit by a ransomware attack, and its corporate website was taken down. The Web page would come back up, but the impact to revenue would be about $4 million between late September and October, CEO Lynn Moore said during a call with analysts earlier this month.
The incident was another reminder of the growing issue around ransomware. A mid-year report by Bitdfender, a cybersecurity firm, said global ransomware reports increased by 715 percent. Also, through Sept. 1, ransomware was the most observed threat year to date with over one-third of all cases, according to the intake of cyber incident responses at Kroll, a risk-management company.
“Ransomware is a huge deal,” said David Deering, CEO at Leo Cyber Security, noting he wasn’t speaking about Tyler Technologies’ case in particular. “It is a significant risk to businesses.”
The incentives for such attacks aren’t abating – it’s something that more companies are focusing on, or should be, observers say.
Ransomware is a type of malicious software designed to deny access to a computer system or data until a ransom is paid, according to the Cybersecurity & Infrastructure Security Agency. It typically spreads through phishing emails or via an infected website.
“While ransomware started as a broadly deployed attack against consumers, attackers have begun to weaponize it in targeted attacks on companies and government entities,” said Randy Watkins, CTO at Plano’s CRITICALSTART, which provides assistance around cybersecurity. “Initially, encryption of the information was the goal, and ransom was paid for decryption, but new attacks also leverage data theft, or exfiltration, to increase the ransom amount over the threat of disclosure.”
At Tyler, an investigation indicated the incident was solely directed at the internal corporate environment and not the separate environment where it hosts client systems.
“Multiple resources have verified our ability to resume safe file sharing activities, connection to our internal networks, and normal operational interaction with clients,” the company said in an updated statement on its website recently. “All indications are that the impact of this incident was solely directed at our internal corporate network and phone systems – not Tyler client systems.”
Targets of ransomware can be broad. Kroll notes particularly hit areas include professional services, healthcare, and technology and telecommunications. And then there’s governments and schools, including Athens’ school district, according to a recent report.
Ransomware is becoming more of an issue, according to Toby Ryan, chief data scientist at Cysiv, a North Texas provider of security operations center (SOC)-as-a-service.
“It’s very easy to do,” Ryan said. “Ransomware is almost a commodity. The majority of ransomware ransoms are small, you know, $500,000.”
It can all lead to some nice pay-outs to cybercriminals, Deering said.
“It’s a very lucrative way for individuals to make money,” he said. “It causes a significant amount of concern inside of businesses — and one of the easy ways to do it is to pay them. There are pros and cons and arguments on both sides on whether or not you should pay …. but because it’s such acute pain, it is a way to monetize the softness of someone’s cybersecurity program.”
The attackers tend to be careful in who they attack, Deering said. They’re not just blindly sending out some emails, hoping something sticks. They focus on those who have access to real money – so small companies with a handful of employees may not be hit.
Companies need the right tools to protect themselves. A key issue: Getting buy-in from top folks in an organization.
“It’s a leadership problem,” Deering said. “Most people think it’s a technical problem. The programs that I’ve seen that are immature inefficient because of for poor business leadership.”
Prevention is important, and goes a long way, Ryan said, along with “understanding the behavior of malware, ransomware specifically, will help you find it.”
Ransomware isn’t a new issue – and it’s something more folks are likely to grapple with, observers said.
“With all things, it’s going to course-correct over time,” Ryan said.
“As long as the attackers are incentivized with the prize — as long as companies are paying it — then I think it’s going to keep going until something happens.”
An interview with Douglas Brown of Thrive Global and Authority Magazine.
As a part of my series about “Lessons From Inspirational Women Leaders in Tech”, I had the pleasure of interviewing Tera Davis. She applies more than a decade of sales and technical experience to cultivate mutually beneficial relationships with CRITICALSTART’s strategic business partners. Her expertise spans a broad range of cybersecurity technologies including threat prevention, mobile security, next-generation firewall, and threat intelligence. Throughout her career, Tera has had the opportunity to work with hundreds of manufacturers, distributors and clients.
Brown: Thank you so much for joining us in this interview series! Before we dive in, our readers would love to learn a bit more about you. Can you tell us a story about what brought you to this specific career path?
Davis: I entered network security from the industrial controls industry. My fiancé at the time worked for a cybersecurity company, and they seemed to be having fun in a lucrative field. I got an interview at a network security reseller, and the rest is history. I never looked back. It is an exciting, ever-changing industry.
Brown: Can you share the most interesting story that happened to you since you began at your company?
Davis: As one of the founding members of CRITICALSTART, I can honestly say that navigating a global pandemic has been the most interesting thing in the last 8 ½ years. Like many others, we had to quickly shift to having everyone work from home. We navigated that beautifully, allowing a seamless transition for our customers. Our ability to quickly change and adapt during a global pandemic, and many other times along the way, is one of the reasons we continue to grow so quickly. We abide by our founding principles: 1. Do what’s right for the customer. 2. Don’t do things that suck. 3. Do what’s right for the employee.
Brown: Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
Davis: Well, I regret to say this has happened more than once — but sending an email to the wrong person can be funny or horrific! Luckily, mine have been good for a laugh on occasion. I’ve learned to slow down and always double-check that the email address didn’t automatically populate, but isn’t the one you wanted.
Brown: Can you tell us a story about the hard times that you faced when you first started your journey? Did you ever consider giving up? Where did you get the drive to continue even though things were so hard?
Davis: Having started a business, it was definitely waiting for the sales to come in to balance the outflow of cash paid to vendors. We would pay bills from our personal account and reimburse when we got payment from the customer. It was a passion for the way we were entering the market that kept everyone going. About 18 months into the journey, sales started coming in at a rate that turned things around. It hasn’t stopped yet!
Brown: None of us are able to achieve success without some help along the way. Is there a particular person who you are grateful to who helped get you to where you are? Can you share a story about that?
Davis: I have been in sales for most of my working days. I worked for someone early on that was very focused on customer follow up. He taught me to follow up with the customer even if I didn’t have an answer — just to let them know I was still engaged in the process. I adopted that, and it has helped me be very successful. People want to feel like they haven’t been forgotten. It’s a small detail that makes a huge difference.
Brown: Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life? “
Davis: Life is like a box of chocolates — you never know what you’re gonna’ get.” I love this because it’s true in so many ways. If you expect things to turn out a certain way, you will almost certainly be disappointed. Having wonder about what you might find along the way keeps things more interesting and positive. And, in case you think I’m just pulling a quote from a famous movie, I literally use this phrase as my status message in Microsoft Teams!
Brown: Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. We’d love to learn a bit about your company. What is the pain point that your company is helping to address?
Davis: CRITICALSTART is a world-class Managed Detection and Response company. We resolve every security alert and alleviate the pain point of alert fatigue for security analysts.
Brown: What do you think makes your company stand out? Can you share a story?
Davis: We have a proprietary software platform that allows end-users to select from multiple vendors that plug into our service. That, along with our Trusted Behavior Registry (allowing us to automatically resolve what is known-good) put us in front of the competition.
Brown: Are you working on any exciting new projects now? How do you think that will help people?
Davis: COVID definitely put a damper on it, but we have a Women in Technology group that meets quarterly to discuss things that are challenges specific to women in this industry. Through those meetings, we raise funds to aid the Treasured Vessels Foundation. This organization helps teens in our community get out of sex trafficking.
Brown: Let’s zoom out a bit and talk in more broad terms. Are you currently satisfied with the status quo regarding women in Tech? What specific changes do you think are needed to change the status quo?
Davis: I actually think there are some very powerful women making huge strides in Tech right now. From my perspective, things are moving in the right direction and organizations like this that bring awareness help move the needle.
Brown: In your opinion, what are the biggest challenges faced by women in tech that aren’t typically faced by their male counterparts? What would you suggest to address this?
Davis: We have actually had this topic at one of our Women in Technology happy hours. While I think things are improving, there are some challenges that women may always face. One is coming back to a career after maternity leave. I am seeing increased numbers of men taking paternity leave, so that is encouraging. Women seem to inherently struggle more with a work-life balance. Neither of these is specific to the tech industry. At CRITICALSTART, I feel that we do an amazing job of empowering women in the workplace. Having been there for the last 8 ½ years makes it difficult for me to see the major challenges that some others might face.
Brown: What would you advise to another tech leader who initially went through years of successive growth, but has now reached a standstill. From your experience do you have any general advice about how to boost growth or sales and “restart their engines”?
Davis: Change your methodology. If you have a program or set of guidelines you’ve been using, read something new and give it a try. There are constantly evolving sales strategies out there — might just be time to shake yours up.
Brown: Do you have any advice about how companies can create very high performing sales teams?
Davis: Hold them accountable and make their compensation plan easy to understand. I have never heard more complaints and seen a more unmotivated sales team than one who cannot decipher how they are going to get paid. Good salespeople are motivated internally by the desire to make more money.
Brown: In your specific industry, what methods have you found to be most effective in order to find and attract the right customers? Can you share any stories or examples?
Davis: Honesty. That sounds simple, but so many people out there are trying to sell customers another service or another tool/product. Sometimes, doing nothing is the right answer. If you are willing to turn away a deal and show unabashed honesty, the net of that is usually a loyal customer. In the early days of CRITICALSTART, our CEO told a customer in a meeting that they shouldn’t buy the particular tool that was being pitched. Trust me, we needed those sales, but the sentiment was that the customer would end up irritated that they didn’t have the time and resources to fully utilize the tool in the long run. When they had completed some recommended tasks to get in a better place, they returned and became a happy customer.
Brown: Based on your experience, can you share 3 or 4 strategies to give your customers the best possible user experience and customer service?
Davis: For our MDR — it is all about ease of use, which is why we created a mobile app.
Brown: As you likely know, this HBR article demonstrates that studies have shown that retaining customers can be far more lucrative than finding new ones. Do you use any specific initiatives to limit customer attrition or customer churn? Can you share some of your advice from your experience about how to limit customer churn?
Davis: Keep them happy — it isn’t always easy, and sometimes a situation is outside your control, but that is the simplest answer. Do customer satisfaction surveys and pay attention to the answers. Make changes where necessary. A happy customer may not always say something to a colleague, but an unhappy customer almost certainly will.
Brown: Here is the main question of our discussion. Based on your experience and success, what are the five most important things one should know in order to create a very successful tech company? Please share a story or an example for each.
Davis:
Brown: Wonderful. We are nearly done. Here are the final “meaty” questions of our discussion. You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger.
Davis: Honestly — I would just say that people need to spread more kindness — can we get behind that? I read something once that said “kindness is free, sprinkle that sh*t everywhere” . . . I couldn’t agree more. Do something kind for a coworker, a neighbor, a stranger — watch how it changes their demeanor . . . . and probably the rest of their day.
Brown: We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would love to have a private breakfast or lunch, and why? He or she might just see this if we tag them.
Davis: Well, I did dance on stage once with FLORIDA — and I think it would be nice to have a follow-up conversation from that.
Brown: Thank you so much for this. This was very inspirational, and we wish you only continued success!
Without a clear winner, there is a big opportunity for disinformation campaigns.
Cybercriminals are “relishing in the madness” of those trying to sow further discord as the presidential election outcome remains unknown.
That’s according to Jerry Ray, SecureAge‘s COO. He and other cybersecurity experts were anxious to weigh in Wednesday as efforts continue to determine the election outcome.
“The higher the temperature of those defending or defaming the election results, the lower their awareness of the multitude of attacks awaiting them,” Ray said.
Those attacks include phishing emails, fraudulent websites and other tactics to exploit the “highly distracted,” he said.
“As the votes continue to be counted, the most inevitable and effective cyberattacks will be subtle, unnoticed, unattributable and masked within the culture of doubt and suspicion cast upon the election for the sake of either plausible deniability by the victors or grounds for dispute by the vanquished,” Ray said. “With only a fraction of 1 percent of the voting population determining the outcome, the attackers need only work in the margins and against those least able to defend themselves or least likely to notice.”
Allyn Lynd is Critical Start‘s senior digital forensics and incident response (DFIR) adviser/manager.
“There are currently organizations reporting what they believe are irregularities in voting-polling rolls, but no actual voting machine hacks,” he said.
There are credible reports of uncounted votes stemming from someone else registering for an absentee ballot to a bogus address.
“Again, this is not an issue with the voting machines, but an issue with the voting ecosystem,” Lynd said.
This adds to the confusion as results remain uncertain, he said.
Brandon Hoffman is NetEnrich‘s CISO. He said there’s a big opportunity for disinformation campaigns to continue to erode confidence in the election process.
“Sowing discord will help future campaigns with a more malicious intent,” he said. “As they foment unrest, people are more likely to click on emails and sites that echo their own sentiments that have been stoked by these information warfare exercises.”
Joseph Carson is chief security scientist and advisory CISO at Thycotic. He said attackers continued to focus cyberattacks at the election campaigns. Furthermore, they focused on creating disinformation on social media, all focused at generating distrust in the system.
“Hacking an election is not about influencing the outcome, it is about hacking democracy,” he said. “It is always important to see the ultimate motive. And hacking democracy is about dividing people, creating distrust in both your government and your fellow citizens.”
Tim LeMaster is senior director of systems engineering at Lookout.
“There was a lot of work going on behind the scenes to coordinate election security issues, both in terms of threats, but also best practices and security guidance,” he said. “There was a significant focus this year on recognizing and removing disinformation from social media. With so many Americans using those platforms, it’s important to have some amount of monitoring in place to limit foreign attempts to spread misinformation that would further divide the citizens.”
Moving forward, there will be a growing need for coordinated efforts around sharing threat data and government guidance, LeMaster said.
“Organizations like the U.S. Election Assistance Commission (EAC) will play an even larger role in coordinating some of that activity,” he said. “The emergence of groups like Defending Digital Campaigns is an encouraging sign that things are headed in this direction.”
Mark Kedgley is CTO at New Net Technologies (NNT). He said as society becomes more automated, ensuring the integrity of democratic processes needs “serious care and attention.”
“As the Hall County, Georgia, case indicates, voting machines are connected to distributed databases, which expands the attack surface to the IT infrastructure of each county or state where such a connection is in place,” he said. “Vulnerability management, secure configuration baselines and change control are all now non-negotiable.”
By Faith Karimi, CNN – October 20, 2020
As the US grapples with an election season rampant with mistrust and conspiracy theories, federal officials are warning Americans about threats to undermine the integrity of the vote — and how to avoid them.
Mail-in ballots, massive turnout and the pandemic could combine to delay the outcome of this year’s presidential election, providing a wide window for scammers and others to spread false information.
Social media is again populated by false election claims. Adding to the confusion, Microsoft says Russian, Chinese and Iranian hackers have targeted people and organizations involved in the election.
“A significant number of Americans appear susceptible to believing unproven claims,” Daniel A. Cox, director of the Survey Center on American Life and co-author of a report on US conspiracy theories, said in a statement. “Politically motivated conspiracy theories find a receptive audience among both Democrats and Republicans.”
Both the FBI and the Cybersecurity and Infrastructure Security Agency, which protects the nation’s infrastructure, have reassured voters that they’re working to protect the election’s integrity.
But the two agencies are urging Americans to keep an eye on the following threats:
The stakes in this year’s election aren’t just high in the US. “Foreign actors” and cybercriminals may try to discredit the results by spreading disinformation, the FBI and CISA say. These false claims could include reports of ballot fraud, cyberattacks targeting election infrastructure, and other related issues that could make voters question whether the election is legitimate, federal officials say.
Hackers may also spread false reports that they obtained and leaked US voter registration data. But don’t worry, the feds say.
“In reality, much US voter information can be purchased or acquired through publicly available sources,” both federal agencies say. “While cyber actors have in recent years obtained voter registration information, the acquisition of this data did not impact the voting process or the integrity of election results.” Public leaks of voters’ information do occasionally happen. In 2017 the personal information of almost 200 million registered US voters was accidentally exposed online by a Republican analytics firm.
Foreign governments have used pseudo-academic online journals to spread false information in the past. And they may use them again to try to influence the outcome of the election, the FBI says. Such fake online journals could express support for specific candidates, allege voter suppression, amplify reports of real or alleged cyberattacks on election infrastructure and assert voter fraud, federal officials say. Foreign actors employ social media and other online platforms to increase the journals’ global reach and give them credibility. “Such sites could be employed … to manipulate public opinion, increase societal divisions, cause widespread confusion, discredit the electoral process and undermine confidence in US democratic institutions,” the FBI and CISA say.
Cybercriminals have mastered the art of spoofing email domains. During elections, they use that to fool people into thinking that websites or emails are legitimate, federal officials warn. “Adversaries can use spoofed domains and email accounts to disseminate false information; gather valid usernames, passwords, and email addresses; collect personally identifiable information; and spread malware, leading to further compromises and potential financial losses,” the FBI says.
These crooks set up fake domains by making small changes to words (“electon” instead of “election”). Or they masquerade as official government sources but use an alternative domain, such as a dot.com instead of dot.gov site. Even so, “if cybercriminals were able to successfully change an election-related website, the underlying data and internal systems would remain uncompromised,” the FBI and CISA say in a joint report.
Criminals also have tried to target election systems, federal officials say. While that can slow a system or make it temporarily inaccessible to election officials, it does not prevent voting or the reporting of results. “The FBI and CISA have no reporting to suggest cyber activity has prevented a registered voter from casting a ballot, compromised the integrity of any ballots cast, or affected the accuracy of voter registration information,” the agencies say in a statement.
“Any attempts tracked by FBI and CISA have remained localized and were blocked, minimal, or easily mitigated,” the agencies say. Federal officials say such attempts would be difficult to conduct undetected. And even if hackers did succeed in affecting voting, election officials say they have multiple safeguards and plans in place. They include provisional ballots so registered voters can cast ballots and paper backups.
The federal agencies are providing tips on how to beat these scams:
While voters should be concerned about election threats, they should not be worried about the integrity of their vote, said Allyn Lynd, a senior adviser at CRITICALSTART, a cybersecurity company in Texas. “The US Election Assistance Commission — a federal agency that serves as a resource for election administrators and vendors — conducts testing and certification of voting machines,” he told CNN. But if anyone believes their vote has been tampered with, they should notify election officials at their polling place and report it to federal agencies such as the FBI. “The public should be aware that election officials have multiple safeguards and plans in place — such as provisional ballots to ensure registered voters can cast ballots, paper backups, and backup pollbooks — to limit the impact and recover from a cyber incident with minimal disruption to voting,” Lynd said. The best protection to ensure a vote is correctly recorded, counted and tabulated is a paper trail showing all those steps, he said. See the CNN article
FAYETTEVILLE, Ark., Sept. 22, 2020 /PRNewswire/ — CRITICALSTART, a leading cybersecurity provider of Managed Detection and Response (MDR) services, announced Tuesday it is now providing enhanced security services to all of Arkansas’ public colleges and universities by partnering with the Arkansas Research and Educational Optical Network (ARE-ON). ARE-ON is a member of the Quilt, a non-profit national coalition comprised of 38 of the country’s most advanced regional research and education institutions.
ARE-ON and its members comprise a community of thought leaders focused on collaborative learning and innovation through advanced networking, technology, and research in Arkansas. ARE-ON is a not-for-profit consortium of all public degree-granting institutions in Arkansas and other selected higher education organizations.
In 2019 alone, there were seven well-publicized cyber-attacks made against higher education institutions in the state of Arkansas. While a small security breach can have an economic impact of around $250,000, breaches on average cost nearly $7,000,000 to address and mitigate. With most security teams in the higher ed. space being comprised of small numbers, just one successful attack can cripple the network of an entire university system.
As a result of the CRITICALSTART and ARE-ON partnership, colleges and universities under the ARE-ON umbrella will now be protected by a standardized, 24/7 managed service for threat detection and prevention that is resolving every alert and significantly reducing response times.
“Hackers and malicious online actors both in the US and overseas are increasingly seeking to exploit large organizations like those in the higher ed. space for financial gain,” said Alan Bain, CRITICALSTART Chief Revenue Officer. “It is imperative that colleges and universities in Arkansas and across the United States take these threats seriously and strengthen their security postures to guard against being held hostage by a breach.”
“Knowing that just a single breach can cost upwards of $7,000,000 to mitigate, it was an easy decision to take immediate steps aimed at helping strengthen the security of Arkansas’ many public colleges and universities,” said Robert Nordmark, Executive Director, Arkansas Research and Education Optical Network. “This partnership will benefit scores of students and researchers in our state both now and in the future.”
About CRITICALSTART
CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on Twitter, LinkedIn or Facebook.
ABOUT ARE-ON
The Arkansas Research and Education Optical Network (ARE-ON) organization and its members comprise a community of thought leaders focused on collaborative learning and innovation through advanced networking, technology, and research in Arkansas. ARE-ON is a not-for-profit consortium of all public degree-granting institutions in Arkansas and other selected higher education organizations.
State authorities in North Rhine-Westphalia are investigating whether a hospital ransomware attack resulted in negligent homicide, according to a report by the German public broadcaster DW.
Media reports say this may be the first time that a hospital cyberattack has caused a death, even if it was indirectly.
Düsseldorf University Clinic had to redirect a woman needing life-saving treatment to another hospital in Wuppertal on the night of Sept. 11; a ransomware attack had crippled the hospital’s IT system. The state Justice Ministry, according to DW, claims the delay resulted in her death.
The Associated Press reported yesterday that the hospital’s systems remained disrupted a week later. With no access to data, emergency patients have to go to other hospitals, and Düsseldorf University Clinic has postposed scheduled operations.
“This may well mark the first time that a human casualty has been linked to a ransomware attack. It’s an incredibly grim possibility that cybersecurity experts have been warning about for quite some time,” said Forbes contributor Lee Mathews.
CRITICALSTART (Plano, Texas) offers a managed technology platform and consulting to protect organizations from cyberattacks. The company’s CTO Randy Watkins described ransomware attacks on hospitals as terrifying.
“While some attackers have sworn not to target hospitals, others see it as a guaranteed payout with the ultimate hostage, human life,” Watkins said in a statement shared with MassDevice‘s sister site Design World. “To defend against these attacks, hospitals need to evolve their cybersecurity posture by ensuring computer hygiene and proper protection across the organization.”
Featured National Cybersecurity News | September 18, 2020
PLANO, Texas, Sept. 10, 2020 /PRNewswire/ — On Thursday, Dallas-based cybersecurity firm CRITICALSTART – a leading provider of Managed Detection and Response (MDR) Services – announced it has elevated its VP of Product Marketing, Carrie Kelly, to serve as the company’s new Chief Marketing Officer. As a result of the promotion, Carrie will now oversee both the product and corporate marketing teams to ensure the promotion of a singular, unified marketing strategy that will play a key role in helping CRITICALSTART achieve its aggressive goals for growth and expansion.
The need for an expanded, all-encompassing marketing capability is being driven by CRITICALSTART‘s rapid growth in 2020. Over the past 12 months, the Company has nearly doubled its revenue, with growth of 94.7%. In its second fiscal quarter this year, the Company had its largest sales quarter-to-date for its Managed Detection & Response business and continues to add to the 60 partners in its channel program. In addition, the organization recently moved into a new 33,000 square foot office space to support its growth. These numbers are a continuation of 2019’s trajectory when CRITICALSTART grew its MDR portfolio by more than 100 percent.
“This year has resulted in unprecedented challenges for the US and global economies, but we have been able to continue growing by focusing on our customers’ needs and helping them navigate the current security landscape,” said Rob Davis, CRITICALSTART‘s founder and CEO. “I am proud of the work our growing team has done, and we all look forward to meeting the next wave of security challenges that arise by continuing to build and grow our team both internally and externally.”
Under the new marketing team structure, Stacie Bon will continue serving as Vice President with a focus on field marketing and Sarah Mutscheller will lead digital and demand generation as Senior Director. The marketing team will continue growing under this leadership to bolster product marketing, product launches, and to support CRITICALSTART‘s channel sales model.
The promotion of Kelly to the role of CMO is just the latest in a number of executive level promotions and hires at CRITICALSTART. Others include:
A 16-year-old student was able to disrupt the Miami-Dade Public Schools e-learning system earlier this week and cause chaos across the district, including the platform virtual-only students have been using, called K12.
Police say David Oliveros attends South Miami Senior High. He was arrested during the early morning hours on Thursday and will face a judge in October.
Investigators say this was the work of the tech-savvy teen and they say others were likely involved, their hunt for the other suspects continues.
“Really what I think this highlights is the actual level of ability involved to launch an attack of these sorts. It’s very very easy,” said Randy Watkins, a cybersecurity specialist for the company CRITICALSTART.
Watkins says other school districts in Florida need to take what happened in Miami-Dade as a lesson, to ask lots of questions about what security measures third-parties use.
Could a similar attack happen in Central Florida?
The Brevard County Schools Communications Team sending FOX 35 News a statement in response to the developments in South Florida.
“Brevard Public Schools has several layers of security protecting our infrastructure, network, and systems. The safety of our students and staff is our top priority and we will continue to provide all protections possible to ensure the continuity of education for our students, teachers, and all stakeholders within our organization.”
The need to keep virtual learning platforms secure is critical in Brevard County. Since re-opening, 18 schools have seen COVID-19 cases and one of them had to close down entirely — all 580 students at that school are virtual learning again.
“I could go out onto the internet and say ‘I would like to bring down this website’ you put in your credit card information pay 20, 50, or 100 dollars, and it immediately targets the website and does damage,” Watkins said.
A K12 spokeswoman sent FOX 35 News the following statement,
“DCPS was the target of the DDoS attack, not K12. K12 was not the cause of the DDoS attack and was not responsible for the M-DCPS network. Also, note that the K12 network was not directly impacted and data was not compromised. However, as the curriculum and platform provider to M-DCPS, the network disruption and outages did impact K12’s delivery of service.”
We contacted other school districts in the region to find out about their cyber-security.
Seminole’s school system responded with this statement:
“School districts work hard to prevent cybersecurity threats on a year-round basis and work with our service providers to implement preventative measures to minimize risks. We’ve experienced Denial of Service threats in our district in the past and in each instance, developed further measures to secure and enhance any potential vulnerabilities. This is something our technical teams focus on year-round as new threats emerge.”
Other districts have yet to respond.
Routers made by MoFi Network are affected by several vulnerabilities, including critical flaws that can be exploited to remotely hack a device.
The vulnerabilities were reported to the vendor in May by Rich Mirch, a security researcher at CRITICALSTART. However, some of them remain unpatched.
The researcher discovered a total of 10 vulnerabilities affecting MOFI4500 routers, a majority related to the web management interface, which by default is accessible on all network interfaces. Some of the vulnerabilities can allow an unauthenticated, remote attacker who has access to this web interface to take complete control of the targeted router.
Some of the critical vulnerabilities can be exploited to authenticate on a device using hardcoded or weak credentials. Mirch also uncovered undocumented backdoors that can be abused to gain root access to a device.
The researcher also found that a router can be rebooted remotely by sending it a specially crafted HTTP GET request, and that an unauthenticated attacker can obtain sensitive information, including passwords, from a device.
Mirch says the vendor has patched the critical issues he reported initially, but those fixes introduced new backdoors and other weaknesses that are currently unpatched.
“The initial critical vulnerabilities have been patched,” Mirch told SecurityWeek. “However, they introduced new undocumented backdoors which inadvertently created a new critical unauthenticated remote command injection vulnerability. The vendor has not patched the backdoors or the new RCE.”
The researcher says the vendor has released roughly 10 firmware updates since he reported the vulnerabilities, which has led him to believe that the company does not plan on fixing them. He pointed out that MoFi Network has stopped communicating with him.
SecurityWeek has reached out to MoFi Network for clarifications and will update this article if the company responds.
On June 25, Mirch identified more than 14,000 MoFi routers with an exposed management interface using the Shodan search engine. That number dropped to roughly 7,100 by September 1, which may be a result of US-CERT also being notified. US-CERT was informed about the vulnerabilities on June 10 and it may have asked some ISPs to prevent remote access to their customers’ routers.
Featured in Security Week | September 8, 2020
Ransomware attacks are usually more common early in the school year.
Cybersecurity experts are concerned about attacks on Michigan schools ramping up early in the school year, especially with many students learning remotely.
Last year, more than 500 schools across the country were hit by ransomware, cybersecurity experts said. To make matters worse, the attacks usually picked up in the first few weeks of school when students, parents, and teachers had their guard down.
Security experts told the Local 4 Defenders that ransomware attacks are on the rise, targeting schools and colleges across the nation. Your home laptop could also be targeted.
As Michigan students return to school in the next few weeks, some will be handed Chrome books and others will use their own laptops. All of them need to be on the lookout for cyber attacks.
“There are two fronts where the attacks are going to happen,” said Randy Watkins, chief technology officer for CRITICALSTART. “One is toward the students, and the other is toward the school.”
CRITICALSTART is a cybersecurity company. Watkins said he continues to see an increase in ransomware, especially when schools first start back up.
“Attackers are going to make a lot of fake sites to distribute malware,” Watkins said. “Sometimes it’s an attacker that is trying to steal information for identity theft. It just depends on the motivation of the attacker.”
Parents should make sure children are looking at reputable web sources and not just anything that comes up on Google.
“Now we are looking at school starting and they are starting to come around with remote registration links and URLs,” Watkins said. “They are coming around with a syllabus that looks like a syllabus attachment, but it is actually a piece of malware. If you click on that syllabus, it infects your machine.”
Experts said parents should also reach out to schools and ask what they’re going to protect their students’ information.
“The school bears the brunt of the responsibility for implementing controls to ensure the safety of the students’ information,” Watkins said.
Another attack target on the rise is parents, he said.
“Attackers targeting the parents of students by sending them fake report cards that are really just pieces of malicious software,” Watkins said.
If a home computer is compromised, there are fewer options.
“With a lot of the ransomware that is going around, that is where an attacker will encrypt your files and demand money for it,” Watkins said. “Unfortunately, in a lot of cases, the only remedy is to pay the ransom.
“Everyone should have a properly patched computer. When Windows or Microsoft releases a patch, you are going to apply those.”
You should also maintain some level of antivirus on your machines to prevent malicious items from installing.
Parents are well within their rights to ask if their school has an instant response program and whether parents will be notified if the school computers are attacked.
Featured in WDIV Detroit News | September 1, 2020
Written by Sean Lyngaas of CyberScoop
In April, security researcher Rich Mirch got a text from a friend who had just switched to a new wireless router and was raving about its high-speed internet. You have to try it, the friend told Mirch.
Curious, Mirch downloaded the router’s firmware and started picking it apart. He found that the device, made by an obscure Canada-based company called MoFi Network, had multiple password-related vulnerabilities packed into its code.
But Mirch wanted to delve deeper. So the senior adversarial engineer at Texas-based security firm CRITICALSTART ordered the router online and rolled up his sleeves. He ended up finding 10 previously undisclosed vulnerabilities in the device that, if exploited, could allow attackers to steal passwords and data from networks running the vulnerable routers, including VPN credentials and API keys.
“Some of these vulnerabilities have probably existed since 2015,” said Mirch, who published his findings on Wednesday.
The research points to a longstanding yet unresolved issue: how to incentivize security among vendors who sell routers in a market that prizes affordability and convenience. It’s not just MoFi: in the last three months, security experts have found critical bugs in routers made by other vendors that have struggled, or even declined, to provide patches for them. The issue has only gotten more pressing as the pandemic caused by the coronavirus has enforced an indefinite work-from-home routine for countless corporations.
In MoFi’s case, the remediation process is not yet complete, according to Mirch. The company initially fixed some of the vulnerabilities, but it also introduced new bugs when it updated the firmware, he said. Those includes a vulnerability that could allow an attacker to remotely inject code on a device. In correspondence with Mirch reviewed by CyberScoop, a MoFi engineer argued that the remote access features the company introduced were necessary for customer support.
MoFi did not respond to phone calls, emails and Facebook messages seeking comment. As of this writing, four of the vulnerabilities that Mirch found haven’t been addressed, he said.
MoFi also argued that the routers were configured in a way that did not expose them to the public internet. But as of Wednesday, Mirch had found 6,800 MoFi devices in Shodan, the search engine for internet-connected devices. That number had been as high as 14,000 in June, Mirch said, before the device owners apparently began quietly addressing the issue.
Our TEAMARES:
CRITICALSTART’s TEAMARES is comprised of professionals with more than a decade of experience conducting offensive and defensive security services. Our team has expertise in a wide array of industries, including oil and gas, healthcare, app development firms, hospitality, technology, and more.
Follow us on Twitter @TeamAresSec and @CRITICALSTART to stay up to date on vulnerability discoveries and cybersecurity news.
Featured in CyberScoop | September 2, 2020
The New Zealand Stock Exchange (NZX) has been under attack for several days now as a DDOS attack (distributed denial of service) crippled trading on the exchange. NZHerald claimed that Russian cybercrooks were behind the attack.
On August 26, the NZX issued the following statement:
Yesterday afternoon NZX experienced a volumetric DDoS (distributed denial of service) attack from offshore via its network service provider, which impacted NZX network connectivity. The systems impacted included NZX websites and the Markets Announcement Platform. As such, NZX decided to halt trading in its cash markets at approximately 15.57. A DDoS attack aims to disrupt service by saturating a network with significant volumes of internet traffic. The attack was able to be mitigated and connectivity has now been restored for NZX. NZX will resume normal market operations today, Wednesday 26 August.
Trading was actually said to have been reinstated today (August 28).
It has been reported that the New Zealand government has enlisted the country’s spy agency, the GCSB, to assist the NSX in uncovering the perps but it also raises questions as to why the exchange was so ill-prepared for such a type of an attack. Speculation is the NZX is the target of an extortion attempt, perhaps paid out in crypto like Bitcoin, but the exchange has remained quiet on the subject.
CRITICALSTART, a cyber-defense firm, shared a statement with Crowdfund Insider. A spokesperson said that as attacks enter their 4th straight day on NZX, the national government is starting to involve its spy agencies to find additional information about the source of the attack that while currently being disclosed as “offshore”, the attention and resource delegation to the attack is a strong indicator of the level of seriousness.
“The attack itself isn’t exceedingly complex or difficult to launch. Distributed Denial of Service attacks involves overwhelming a site’s resources with traffic, rendering it unavailable for legitimate use. These types of attacks are difficult to prevent, and have long been used to attack the availability of applications. The suspected attackers in this scenario are Fancy Bear and the Armada Collective, who appear to be targeting other financial institutions like MoneyGram, PayPal, Venmo, and others. While it hasn’t been confirmed, the suspected motivation is extortion, demanding a ransom to return the availability of their services. Based on the success of these attacks, sights could turn to point towards larger, more valuable targets, up to and including the NYSE.”
The NZX is not the first target of a DDOS attack and will not be the last. Amazon was famously assaulted by the “largest ever DDOS” attack back in June that reportedly experienced an attack of 2.3TBS. The previous record was said to be 1.7TBS.
Cloudflare, and other services, offer DDOS protection and the NZX was said to have migrated is the platform to Akamai to disrupt the attacks but it may be a while until the dust settles and we know more.
Newshub quoted Professor Dave Parry from Auckland University stating the attacks were quite sophisticated:
“Unfortunately, the skills and software to do this are widely available and the disruption of COVID and people working from home all over the world potentially with lower security on their computers means that these attacks are easier than usual,” said Parry.
Featured in Crowdfund Insider | August 28, 2020
NASHVILLE, TENN. (WSMV) – As schools are back in session, so are hackers and cyber-criminals looking to take advantage while students and districts continue to adapt to a new style of learning and teaching.
“There wasn’t anything that they necessarily did wrong, it’s just something they weren’t prepared for,” said Randy Watkins, chief technology officer for cybersecurity company CRITICALSTART.
Watkins is trying to make sure schools are prepared for potential hacking attempts like some experienced in the Spring.
One thing he’s seen is attempts to overload school district computer systems.
“Essentially they’re giving the platform more traffic than it can handle, which makes it unavailable for legitimate traffic,” Watkins said. “So it’s actually preventing the students from logging-in and preventing them from getting their education.”
But why would anyone want to do that?
Watkins says there could be several different reasons.
“There’s a lot of different motivations for an attacker, sometimes it’s notoriety. Sometimes it’s a prank,” Watkins said. “In this instance, it was actually a student at the school to be funny or prevent themselves from having to go back to school.”
While many districts have been working with cybersecurity teams to protect their networks, families at home may be more vulnerable.
“Microsoft and other applications on your computer release regular security updates, so make sure you’re keeping up with those,” Watkins said. “Maintain proper antivirus coverage. You should have an application on your machine that’s meant to stop malicious software from being installed.”
Most importantly, in this digital era, it’s best to encourage everyone in your household that’s using a computer to have a critical eye, even youngsters.
“Unfortunately yes, we are putting more responsibility on them to be responsible stewards of security,” Watkins said.
In addition to protecting their systems, school districts are also responsible for protecting your child’s personal information.
Watkins suggests parents reach out to their students’ schools to ask what they’re doing to protect that information.
Featured in News 4 Nashville | August 27, 2020
How you can protect your computer and how school districts are protecting your information.
With so many kids doing school online, there’s a new concern that parents may not be thinking of… computer security. Not only at home, but with the school district having your child’s personal, sensitive information.
Just imagine your 9-year-old child, who barely knows how to use a computer, much less email. They open an email that looks to be from a teacher with a link inside that says ‘click to get homework’. They click it and suddenly your computer is infected with a virus. It’s a hypothetical situation but could happen and destroy any pictures or documents you have on that computer.
Randy Watkins is the chief technology officer at a company called CRITICALSTART that helps businesses and organizations detect and defend themselves from cyber threats. “With schools having so much attention right now with school starting back up. They’re on all online platforms and they’re collecting more information about users, attackers see them as having more valuable information that they’ll pay a higher ransom for so they are absolutely targeting schools with ransomware.”
He says there are several things we can do at home to protect ourselves and our kids. First, make sure your computer’s operating system is properly patched or updated. “Organizations and software companies like Microsoft, they release security patches pretty regularly.’
Maintain any antivirus software already installed. “That will help prevent some of the ransomware from executing on your computer.”
And teach your kids about the culture of computer security. “Teach them to only look at reputable sources on the internet. Don’t open emails they aren’t expecting to open. Don’t open attachments from those emails if they haven’t verified that they should have an attachment.”
School districts also have a responsibility to protect your child’s information. We asked several Tampa Bay area school districts how they are doing that.
Pinellas County: “The district has many safety systems in place to protect computers from being hacked including anti-virus software to a top-rated firewall. We lock down the student computers meaning students don’t have administrative rights. They can’t load any applications or software to the device.
The district loads only approved software and the applications needed. Students are allowed to receive and send only internal emails such as to their teachers. They cannot email other students. The district has a TIS Security Council that meets twice a month to review security manual, security protocols, vulnerability and penetration tests, and train staff on cybersecurity.”
Hillsborough County: “As for our own security systems, our district deploys a managed Fortinet nextgen firewall service with content filtering for the devices.
Also when the device is taken home, we currently have Lightspeed Relay filtering deployed for content filtering. We deploy Symantec EndPoint Protection on all Windows devices district-wide. Our software allows for application control as well as other controls.”
Featured in WTSP Tampa Bay News | August 27, 2020
Most schools and universities are back in session virtually.
While online learning is the best option during this ongoing COVID-19 pandemic. It is also the perfect opportunity for hackers to strike.
Randy Watkins, Chief Technology Officer for CRITICALSTART, a cybersecurity company, says hackers are increasingly targeting online learning tools and e-classrooms.
“Most attacks are delivered by email not just in these attacks but of all attacks. It’s easy for an attacker to send out emails that contain attachments or links to download malicious software that can do everything from giving them a back door into your computer to encrypt all your files and hold them for ransom,” said Watkins.
Watkins says education is key and encourages all parents to talk to their kids about the risks. He adds that parents should be on the lookout too.
“So if you are expecting from your student’s school district it should come from a Gmail,” said Watkins. “So look for that domain mismatch also look at links. You can do a link preview where you hover over a link and I’ll show you where it’s going to take you and if that doesn’t match your expectations, then don’t click on it.”
Watkins adds that school systems have also been the victims of these cyber-attacks.
“A notable attack that was launched by a student where they essentially overwhelmed the application with traffic and took it offline and what that does is it takes it away from other students. So they see it as a prank they see it as a joke when it’s actually a pretty serious offense,” added Watkins.
Featured in KSEE 24 News | August 21, 2020
RALEIGH, N.C. (WNCN) — School is in session, but instead of heading into the classroom many kids are logging onto their computer, and IT professionals are warning that could cause serious problems.
“With every school going into this new realm I just don’t think we’re prepared,” said Quentin Rhoads-Herrera, Director of Professional Services at Critical Start. “Especially since a lot of them kind of quickly had to stand up this new technology, and quickly buy into these vendors. There hasn’t been a lot of attention placed into security in the educational space.”
Cyber-attacks are nothing new for many colleges and universities.
“Universities actually get breached a lot,” said Rhoads-Herrera. “If they are research universities we see them get hit by nation-states quite a bit.”
However, Rhoads-Herrera believes hackers may have found a new target.
“We’re going to see a lot of attackers hit up schools in a way to disrupt services by causing chaos or outages,” said Rhoads-Herrera. “Others may go after them for data such as addresses or any type of sensitive information.”
“How prepared do you think we are as a nation for e-learning,” asked CBS 17’s Holden Kurwicki.
“I don’t think we’re very prepared,” said Rhoads-Herrera.
The good news is that there are ways to protect yourself by updating your computer’s security, strengthening your password, and using only verified WiFI devices.
“Whatever we deliver we have to make sure we’re at least doing our due diligence enough to say we’re securing our students’ data, our faculties data,” said Rhoads-Herrera. “When a breach does happen we need to be transparent about it and do everything in our power to follow up on it and prevent it from happening ever again.”
So many students are starting classes this week and cyber experts warn that your child’s e-classroom could be a target. Cyber experts with CRITICALSTART said it’s time to be proactive to stop hackers in their tracks and not reactive after something happens.
There are a number of concerns when it comes to children and the internet.
“Kids are going to be on the internet more than ever with everything being online. They always have the internet at their fingertips,” said Randy Watkins, CRITICALSTART Chief Technology Officer.
Now more than ever, with kids of all ages taking on learning from home, experts said they’ve already seen what could happen. They said hackers could disturb your student’s class time.
“A lot of folks want to know why are people doing this at all. We’re all going through this pandemic and why would you stop children from learning,” Watkins said.
Watkins said hackers usually attack for one of two reasons; fun, like pulling a prank, or destruction, like stealing private information.
“Kids don’t even have to be technologically inclined to attack at school,” Watkins said.
Experts also said the best thing parents can do is teach kids to not click on questionable links or pop-ups and only use recognizable websites for research. Cyber experts also recommend checking with your child’s school to see what their plans are to keep students safe while learning at home.
Featured in KOAT 7 Action News | August 13, 2020
PLANO, TX – August 12, 2020 – CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, today announced that it has been named to the 2020 Inc. 5000 list of the fastest-growing private companies in America.
The company’s growth can be attributed to the escalation in cyberattacks, which is driving demand for CRITICALSTART’s MDR solution. As a result, CRITICALSTART’s MDR business has exploded, with growth of 101% in 2019, compared to the previous fiscal year. This rapid growth is driven by mid-size firms and enterprises looking for help combatting today’s complex and rapidly evolving human and machine-generated security threats.
Additionally, in 2019, the company raised $40 million in a Series A and was valued at $150 million. In less than a year and a half, the company has more than doubled its number of employees, with plans to double in size again in the next 16 months. To accommodate the increased business, CRITICALSTART expanded its headquarters by adding nearly 100 new employees and an additional 33,000 square feet of office space.
“We’re honored to be recognized by Inc. as one of the fastest growing private companies in America,” said CEO Rob Davis. “While the rate at which cyberattacks and breaches occur is skyrocketing, CRITICALSTART stands ready to meet the needs of enterprises as we scale our growth to stay ahead of customers’ cybersecurity needs.”
About CRITICALSTARTCRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on Twitter, LinkedIn, or Facebook.
PLANO, Texas, Aug. 4, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, is proud to announce that CRN®, a brand of The Channel Company®, has named CRITICALSTART to its 2020 Fast Growth 150 list. Each year, CRN® recognizes the fastest-growing technology integrators, solution providers, and IT consultants across North America for the substantial growth and performance they’ve achieved over the previous two years. The elite group of companies named to this year’s list have generated a combined total revenue of more than $37.8 billion between 2018 and 2019.
The company’s growth can be attributed to the escalation in cyberattacks, which is driving demand for CRITICALSTART‘s MDR solution. As a result, CRITICALSTART‘s MDR business has exploded, with growth of 101% in 2019, compared to the previous fiscal year. This rapid growth is driven by mid-size firms and enterprises looking for help combatting today’s complex and rapidly evolving human and machine-generated security threats.
“We’re honored to be named to the CRN 2020 Fast Growth 150 list,” said CEO Rob Davis. “While the rate at which cyberattacks and breaches occur is skyrocketing, CRITICALSTART stands ready to meet the needs of enterprises as we scale our growth to stay ahead of customers’ cybersecurity needs.”
Today’s solution providers vie for market share within the highly competitive, fast-paced IT channel, making sustained growth and profitability noteworthy achievements. Ranking within the top 150 requires companies to continuously evolve with the seismic shifts taking place within the marketplace. The 2020 Fast Growth 150 list recognizes these companies’ extraordinary accomplishments and dedication to the IT channel.
“Evolution within the IT ecosystem is occurring at breakneck speed. The CRN® 2020 Fast Growth 150 list highlights the achievements of elite industry-leading companies in the IT channel and their ability to innovate in an ever-changing market,” said Bob Skelley, CEO of The Channel Company®. “The extraordinary group of companies on this year’s list serve as an inspiration, setting an exemplary level of excellence for us to follow. We are excited to honor these industry leaders and wish them continued success in the years to come.”
A sampling of the 2020 Fast Growth 150 list will be featured in the August issue of CRN® Magazine. You can view the complete list online at www.crn.com/fastgrowth150.
About CRITICALSTART
CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on Twitter, LinkedIn ,or Facebook.
About The Channel Company®
The Channel Company® enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com
Follow The Channel Company®: Twitter, LinkedIn, and Facebook
Copyright ©2020. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.
With the recent household device hacks in the news, CRITICALSTART’s VP of Professional Services, Sanjay Parikh, sat down with Brandon Butcher and Sarah Sager of WSAZ Studio 3 News to discuss the big question: can your car also be hacked?
Transcript:
BB: Welcome back, y’all. Sure, your computer can be hacked. We’ve all seen that kind of threat, of course. Even your phone, but there’s some new tech out there. What about your car, doorbell, fridge? I mean, how crazy is these things?
SS: Crazy! Ok, so I caught up with an expert who is breaking everything down for us.
SS: Smartphones, smart homes, smart cars. Internet-connected and enabled devices are continuing to skyrocket in popularity, but are buyers of these new technologies considering the security threat posed by these purchases?
SS: Vice President of Professional Services at CRITICALSTART, Sanjay Parikh, is joining us today in Studio 3. Good morning, Sanjay. How are you?
SP: Good morning. I’m doing fine, thank you.
SS: So first, I want to ask you, it seems unimaginable that a hacker could remotely control your car, but is it possible?
SP: It is possible. The likelihood today is less possible right now. But the ability to access certain components of your car, such as, in 2016, in the Nissan Leaf, they were able to identify changes in the climate control and the ability to track your trip data. So knowing where you’re going and how you’ve been there. So, things like that. They did, in 2015, identify where they could control a Jeep, but these are not very likely because of the ability to purchase a car and the amount of cost it takes and the time to perform the hack.
SS: But it’s still just as scary to think that someone can know where you’re going, track when you’re going there and how long you are staying there.
SP: Absolutely and the same thing for your house, as well.
SS: It is. Are there some cars that more vulnerable to this kind of hacking than other cars?
SP: No, it’s pretty much across the board. It’s more about the IoT devices because there’s no security regulations or standards around these devices, hardware, or software. It’s just based upon the ability to try these different applications or hardware and seeing if somebody can exploit the vulnerabilities.
SS: You mentioned earlier household appliances. We’ve all talked about smart homes. Are these also vulnerable to being hacked?
SP: 100%. We had the recent story around the ring camera where people were getting into the ring camera and spying on the people as they performed their daily functions. So the ability for consumers to change their default passwords and make it a little bit strong of a password or make sure that there is two-factor authentication, similar to when you receive a code on your phone and you put it in so that it’s not just a general user ID and a password, would make it a little stronger.
SS: We’ve all heard about cellphone breaches. They’ve been very well-publicized. We’ve heard about doorbells like you were mentioning the ring camera, other household connected appliances, and items being compromised. One thing that sticks out to me is also baby monitors. We’ve seen videos where those have also been compromised, people talking to your children. At CRITICALSTART, is there something that you guys recommend beyond just changing the password to keep your house, even your car, safe?
SP: Like I said with the configuration, so changing the default. Don’t just set it up and accept all the default settings. Make sure you set it up with a stronger password, multi-factor authentication that will change most of the time. And also, make sure that any of your devices that don’t need internet access, because basically everything that you are purchasing today, such as your fridge, potentially your stove, TVs, anything like that can get access. So only the items that you want to get access to the internet, those are the only ones that you want to enable.
SS: Ok, any other tips for our viewers today, Sanjay?
SP: No, just stay educated on these different devices, and usually they will provide updates in the news or on the internet, and then if you can update them with the different patches then that will help you try to stay ahead of the times.
SS: Ok, thank you for this enlightening information. We appreciate you being here today.
SP: Thanks, Sarah.
Despite the recent hacking of high-profile users’ Twitter accounts, and reports that Russia continues its attempts to penetrate U.S. institutions and government entities, cybersecurity remains something that campaigns are thinking about only when there’s an issue.
“Campaigns do not talk publicly about the precautions they’re taking,” said Brian Franklin, co-founder of Campaign Defense, a cybersecurity training firm. “But while I think state parties are making slow progress, most campaigns seem to be ignoring the issue and addressing only when a problem comes up. The lack of discussion about it is concerning and will likely be an increasing problem as we get closer.”
Some experts are advising political professionals to operate with an “assume breach mentality” from now until Election Day.
It’s advice they’re offering not just to campaign professionals but also to advocates and reporters covering the national horserace and even think tanks.
“As we’re entering this period between now and November, I think it’s absolutely to be expected that there will be a higher level of activity,” Jan Neutze, who heads Microsoft’s Defending Democracy Program, told C&E in a recent interview.
Practitioners need to have the mindset to be constantly monitoring and investigating their own and their organization’s digital protections, Neutze said.
While cyber threats had decreased early on during the pandemic, they’ve spiked back up, he said. “We’re seeing a constant drumbeat of nation-state activity.”
He added: “One of the things that is so challenging is the combination of cybersecurity threats and then exploiting that for disinformation purposes.”
In terms of specific threats, Neutze said domain spoofing remains a popular avenue of attack, one that involves hackers creating a fake domain that looks like an organization from which the recipient would expect to receive emails. Another is “password spray attacks.”
“They try in large volumes to essentially crack passwords,” he said, noting that multi-factor identification deployed across your entire digital ecosystem “can really help secure yourself against these types of attacks.”
Campaigns remain a prime target, but if hackers or cyber criminals don’t have luck with the organization itself, they’ll start to target its vendors and advisors.
“Security is only as good as its weakest link,” Neutze said. “That’s why it’s imperative that campaigns are very intentional about what technology they use and the minimum baselines they set for folks they have to share files with and so on.”
As part of its Defending Democracy Program, Microsoft recently made available patches for Windows 7, which was released in 2009. The company had pledged to support the software for a decade but extended that because “a relatively small but still significant number of certified voting machines in operation [are] running on Windows 7,” it said in September.
“We didn’t want there to be any reason whatsoever why folks wouldn’t have access to these security patches,” said Neutze. “Some [elections officials] have the challenge that due to budget limitations they’re running some legacy applications and software where patches don’t exist anymore.”
In fact, some cybersecurity experts view voting infrastructure as possibly a bigger target for countries like Russia that are bent on electoral interference.
“The biggest problem that makes this threat real, is it’s not impossible for nation-states to gain access to these [voting] devices even a year before the election happens,” said Quentin Rhoads-Herrera, director of professional services at CRITICALSTART, a cybersecurity services provider.
He advised elections officials to use network monitoring services and industry-standard encryption when data is at rest and when it’s sent.
“If I vote for person X and that becomes a data point that’s sent to another device, it’s signed before it’s sent,” said Rhoads-Herrera. “That just confirms that data hasn’t been altered. That’s a common practice in things like banking apps.”
The recent HBO documentary “Kill Chain: The Cyber War on America’s Elections,” highlighted the vulnerability of many voting systems in America today.
Rhoads-Herrera echoed that, noting that most companies don’t want their machines tested by outside experts for fear that the vulnerabilities could be shared publicly.
“These developers of voting machines, they’re not looking for widespread testing of their machines,” he said. “It’s an extremely real risk.”
Featured in Campaigns and Elections | July 24, 2020
China vowed to retaliate Wednesday after the United States abruptly ordered the closure of its consulate in Houston, a move that further inflamed tensions between the two superpowers.
Wang Wenbin, a spokesman for China’s foreign ministry, said China was notified on Tuesday that it must close the consulate within 72 hours. In a regular daily news briefing, he described the action as an “unprecedented escalation” and said China would “react with firm countermeasures” if the U.S. does not revoke the decision.
State Department spokesperson Morgan Ortagus said in a statement that the closure was “to protect American intellectual property and American’s private information.”
“The United States will not tolerate the (People’s Republican of China’s) violations of our sovereignty and intimidation of our people,” Ortagus said. It is unusual but not unprecedented for the U.S. to close another country’s consulate.
Secretary of State Mike Pompeo declined to explain what triggered the decision when pressed on the matter during a news briefing in Copenhagen, where he was meeting with Danish officials. But he raised long-standing U.S. accusations that China’s government is stealing American intellectual property.
He also brought up the Department of Justice’s indictment Tuesday of two Chinese hackers charged with stealing trade secrets from hundreds of global targets and, more recently, probing for vulnerabilities in U.S. companies involved in the development of COVID-19 treatments and vaccines.
“President Trump has said, ‘enough,’” Pompeo said. “We’re not going to allow this to continue to happen.”
Pompeo did not elaborate on the allegations of spying over treatments and vaccines, nor did he say whether the closure of the Houston consulate had anything to do with that case.
Sen. Marco Rubio, R-Fla., who chairs the Senate Select Committee on Intelligence, said in a tweet that “#China’s Houston consulate is a massive spy center” and added that “forcing it to close is long overdue.”
Rubio said China’s consulate in Houston “is not a diplomatic facility” and suggested it is staffed with spies. “It is the central node of the Communist Party’s vast network of spies & influence operations in the United States … This needed to happen.”
The U.S. move marked “a major escalation” in U.S.-China tensions, said Scott Kennedy, an expert on China with the the Center for Strategic and International Studies think tank.
Tuesday’s decision was “nearly unprecedented,” he said, noting the only other similar incident came in 2017, when the Trump administration closed two Russian compounds in retaliation for Moscow’s interference in the 2016 presidential election.
“All governments engage in spying from home and via their diplomatic facilities abroad … including the United States,” Kennedy added. “So the question is, was the Houston consulate doing things that are beyond the typical type of intelligence gathering that is standard practice.”
So far, he said, the Trump administration’s statements have not addressed that.
Sen. Mark Warner, the top Democrat on the intelligence committee, questioned whether the consulate closure would have any impact on China’s malign behavior, and he criticized the Trump administration for taking an erratic approach to China’s aggression.
“I do not believe for an instant that this action will stop that threat, but hopefully the Chinese Communist Party will take it as a signal that their actions have consequences,” Warner said in a statement to USA TODAY. “I am equally hopeful that the White House will finally take this issue seriously and work to address it with smart and thoughtful policies, instead of engaging in escalatory actions and intermittent failed trade wars followed by interludes of admiration for the Chinese authoritarian regime.”
Wang said the consulate was operating normally.
Local media in Houston reported Tuesday that documents were being burned in a courtyard at the consulate. Texas fire and police officers responded to the reports of a fire. It was not clear if they were permitted to enter the property in Houston’s Montrose neighborhood.
“You could just smell the paper burning,” a witness at the scene told KPRC 2, an NBC-affiliate television station.
China’s consulate in Houston could not immediately be reached for comment.
In an interview with Fox News, Rubio said its normal procedure to start destroying documents when an embassy or consulate is closed.
“For us, the Marines are in charge of doing that if someone closes our embassy. So they’ll burn documents and shred documents and destroy computers and so forth,” he said. He said he expects China to close a U.S. diplomatic facility in China in retaliation.
U.S.-China relations have been battered by a rift over the coronavirus pandemic, strained trade relations and Beijing’s move to assert more authority over Hong Kong. In recent weeks, both nations have slapped sanctions on each other’s officials.
In addition to its embassy in Washington, D.C., and the consulate in Houston, China has consulates in Chicago, Los Angeles, New York City and San Francisco.
“The U.S. has far more diplomatic missions and staff working in China. So if the U.S. is bent on going down this wrong path, we will resolutely respond,” Wang said.
The U.S. has consulates in Chengdu, Guangzhou, Shanghai, Shenyang and Wuhan. .
The U.S. Embassy is located in Beijing.
Rob Davis, CEO of Texas-based CRITICALSTART, a cybersecurity firm that monitors threats from state-aligned actors, said the Trump administration’s ordered closure of China’s consulate in Houston could lead to more hacking against American interests.
“It is no secret that Chinese state actors have long been suspected of engaging in espionage on U.S. soil, including those serving in official roles. The Houston consulate is no different, and it is possible that this is just the tip of the iceberg,” he said.
Feature in USA TODAY | July 22, 2020
WASHINGTON – Fearing nightmare scenarios such as attacks on voter registration databases and state websites tallying results, U.S. officials are leading simulated training exercises to get ready for Nov. 3.
The “tabletop exercises,” to be held virtually because of coronavirus, will include thousands of state and local election officials in addition to intelligence and cybersecurity officials in Washington amid concerns about threats from Russia, China, and other countries.
“We try to make it a pretty bad day,” said Matthew Masterson, an adviser with the Cybersecurity and Infrastructure Security Agency, or CISA, part of the Department of Homeland Security. CISA is charged with helping to protect the nation’s critical infrastructure from cyber and physical attacks, including its election systems.
Still, Masterson and other experts say the U.S. is now far better prepared to weather potential election meddling by Russia or other foreign adversaries than in 2016 when the Kremlin hacked into Democratic Party emails and orchestrated a sophisticated disinformation campaign designed to help elect then-candidate Donald Trump.
CISA officials have worked with state and local election authorities to identify vulnerabilities in voter registration databases, dispatched cybersecurity experts to look for intrusions, and improved communication among states, campaigns, and U.S. intelligence officials about the threat landscape. The training exercises will game out scenarios, including foreign disinformation campaigns, cyberattacks on election infrastructure, or simply overwhelmed and understaffed polling places across the country.
Yet the threat has also morphed, with adversaries such as China, Iran, and North Korea joining Russia to meddle in U.S. politics and using ever-changing tools and tactics. Meanwhile, some fear the U.S. political climate is so polarized – due to coronavirus and tensions over police violence and other divisive issues – that America’s enemies will have a lot of fodder to work with as they seek to stoke discord.
“They don’t need to make any fake news this time around because there’s just constant disinformation all across the political landscape,” said Clint Watts, a research fellow with the Foreign Policy Research Institute, a think tank. “It’s free ammunition.”
Here’s who could mess with the 2020 presidential election.
Russia remains the most concerning foreign actor in terms of U.S. election interference, although there is a growing focus on China and Iran as well, according to a U.S. intelligence official who was not authorized to speak on the record.
Intelligence officials told lawmakers in the House of Representatives in February that Russia was already interfering in the 2020 campaign to try to get Trump re-elected, according to the New York Times and other outlets.
In a recent analysis, Watts noted that last year, Facebook took down accounts associated with a Kremlin’s troll farm that was promoting Trump, denigrating his Democratic opponent, Joe Biden, and boosting Bernie Sanders, one of Biden’s primary opponents. And in March, Facebook closed another Russian troll farm operation that appeared to be trying to infiltrate American minority groups on Facebook and Instagram, “presumably hoping to divide the political left and influence voters headed into Election Day,” he said.
Rob Davis, CEO of CRITICALSTART, a Texas-based company that monitors security breaches from nation-states and advises its clients about defensive measures, said that Moscow, in a re-run of 2016, will most likely use aggressive social media campaigns and targeted cyber operations to try to smear candidates and aggravate social tensions on issues such as race and immigration. Russian hackers could also renew attempts to hack voter databases and compromise U.S. election infrastructure.
“Russia’s goal is to be disruptive. Often it has no agenda beyond that,” Davis said.
China insists it has no interest in meddling in the U.S. election despite repeated accusations from Trump that Beijing prefers Biden and that “China will do anything they can do to have me lose this race.”
Google disclosed in June that hackers based in China sought to infiltrate the email accounts of staffers working on Biden’spresidential campaign. But there is little further concrete evidence that China is waging a sophisticated operation aimed at backing a specific candidate or wants to remove Trump, even though Washington and Beijing have drifted toward a new Cold War amid tensions over the coronavirus pandemic, trade, territorial disputes in the South China Sea and human rights.
China doesn’t like Trump, said Watts of the Foreign Policy Research Institute, but because Trump has overseen a U.S. retreat from the world stage, that has given Beijing a freer hand to extend its own influence. And China’s President Xi Jinping is more interested in crushing Chinese dissidents, stealing intellectual property and expanding the reach of its 5G network than in influencing the U.S. election, he said.
“China’s battle plan is more about espionage to access information and spying on political parties to get a potential preview of U.S. policy changes or shifts regarding the military and planning for different outcomes,” said CRITICALSTART‘s Davis.
Google also said in June that Iran-based hackers tried to gain access to Trump campaign accounts, and Microsoft said late last year that Iranian hackers, with apparent backing from the government in Tehran, had made more than 2,700 attempts to hack into the email accounts of current and former American government officials, journalists covering political campaigns and accounts associated with a presidential campaign.
The earlier hacking attempts coincided with a period when the Trump administration was imposing additional sanctions on Iran after the U.S. pulled out of a nuclear deal with Tehran and world powers, dealing a major blow to Iran’s economy.
But Iran, according to Watts, has “very limited reach” when it comes to spreading misinformation. “They can’t sustain the content the way the Russians and the Chinese do,” he said, adding that in terms of cyberattacks “they’re kind of reckless and silly, and they get caught a lot, which is why we keep hearing about it.”
One example:
In early January, the Federal Depository Library Program’s website was briefly taken offline after a hacker uploaded photos to the site that included an Iranian flag and an image depicting a bloodied Trump being punched in the face.
The website was also modified to say: “Hacked by Iran Cyber Security Iranian Hackers: This is only (a) small part of Iran’s cyber ability!”
“Whether it’s threats of Chinese interference, Iranian interference, Russian interference, or North Korean interference, any country – or even non-state actors who now have capabilities to try to meddle in our elections – know that this administration takes seriously its responsibility to make sure every American’s vote is counted, counted properly and that foreign influence is minimized in its ability to impact an outcome of an American election,” Secretary of State Mike Pompeo said during a forum on the future of national security hosted by The Hill newspaper on July 15.
But Trump continues to play down Russia’s malign role in the 2016 election. And rather than focusing on possible foreign interference, he has blasted Democrats for trying to expand mail-in voting amid the coronavirus pandemic, alleging without evidence that it is an invitation to fraud.
“RIGGED 2020 ELECTION: MILLIONS OF MAIL-IN BALLOTS WILL BE PRINTED BY FOREIGN COUNTRIES AND OTHERS. IT WILL BE THE SCANDAL OF OUR TIMES!” the president tweeted last month.
Voting experts and officials have characterized Trump’s allegations as a bogus conspiracy and noted safeguards that states use to protect the authenticity of absentee ballots and envelopes.
Lawrence Norden, director of the Election Reform Program for the Brennan Center for Justice at the New York School of Law, called Trump’s assertion “nonsense” and noted that mail-in ballots must be returned in secrecy envelopes created by local election authorities. He said the envelopes are bar-coded in many states with a unique identifier that ties the ballot to the voter.
“(Trump’s) rhetoric is right out of the Russian playbook” and “designed to cast doubt about our democratic processes and about the integrity of elections,” said Elaine Kamarck, an expert on American electoral politics and a senior fellow in governance studies with the Brookings Institution, a left-leaning think tank.
“I can’t imagine what a foreign adversary can do that the U.S. isn’t already doing to itself” in terms of fueling division and churning out disinformation,” Watts said.
Less than four months to the vote, there are signs of the different forms this disorder could take on Election Day:
Robby Mook, who ran Hillary Clinton’s 2016 presidential campaign and now works on a Harvard University project to develop strategies and tools to protect U.S. elections against foreign attacks, said he was less worried about Russian hacking than about massive logistical problems on Election Day exacerbated by the pandemic.
“We’re hacking our own election by not resourcing it well,” Mook said in an interview with Campaign HQ, a political podcast. Local election officials “don’t have what they need to be robust when trouble comes.”
Perhaps most worrying of all – what CRITICALSTART‘s Davis described as “terrifying” – is if either the American public or the candidates themselves don’t believe the official results are accurate. In an interview with “The Daily Show” host Trevor Noah last month, Biden warned that military officers could remove Trump from the White House if he loses the vote, but refuses to leave.
“I promise you, I’m absolutely convinced they will escort him from the White House with great dispatch,” Biden said. The Trump campaign responded to Biden by saying: “President Trump has been clear that he will accept the results of the 2020 election.”
Featured in USA TODAY | July 17. 2020
PLANO, Texas, July 16, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, announced Thursday that it has become a member of the Microsoft Intelligent Security Association (MISA). MISA is an ecosystem of independent software vendors and managed security service providers that have integrated with Microsoft Security to better defend against a world of increasing threats. Earlier this year, CRITICALSTART incorporated Microsoft Azure Sentinel, a cloud-native security information and event management (SIEM) system, into its MDR platform.
Because of an increased demand for a closely interwoven security ecosystem, MISA is growing, and it is launching an invitation-only pilot program in July of 2020 for select managed security service providers, including CRITICALSTART.
MISA members are comprised of organizations from across the cybersecurity industry, unified by the common goal of putting customer security first. Each new member brings their own valuable expertise, making MISA even more effective with each expansion. By including MSSPs in MISA, Microsoft hopes to further enable collaboration between leading security technology companies so that together, Microsoft and MISA members can deliver better protection to joint customers.
“We are thrilled to expand our collaboration with Microsoft by joining the Microsoft Intelligent Security Association so that we can reach an even broader audience with our MDR services,” said Rob Davis, CRITICALSTART founder and CEO. “As part of this ecosystem, we are well positioned to continue leading in the fight against malicious online actors and increased cyber threats.”
Mandana Javaheri, Global Director of Business Development, Cybersecurity Solutions Group at Microsoft said, “Due to the growing number and sophistication of security threats proliferating across the globe, we see great value in achieving strength through numbers. By adding proven partners like CRITICALSTART to the Microsoft Intelligent Security Association family of security solutions, we are helping to better combat threats to customers worldwide.”
About CRITICALSTART
CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on Twitter, LinkedIn or Facebook.
An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences.
Most organizations have a variety of defensive cybersecurity measures in place, including firewalls, intrusion detection systems/intrusion prevention systems, antivirus and other endpoint security tools that record, analyze and report on thousands of events every hour. This results in a nonstop flood of alerts that security teams must prioritize and investigate to discern whether the threats are serious.
Each alert requires a significant amount of qualified human resources that, for most security teams, are in short supply. This leaves those tasked with the job overloaded and enables true attack alerts to get lost in the noise of false positives.
Nearly half of respondents to a 2019 CRITICALSTART survey reported that 50% of alerts or higher are false positives. To address this alert fatigue, 57% of respondents tune specific alerting features or thresholds to reduce the alert volume, while another 39% simply ignore certain alert categories.
These approaches can produce disastrous consequences. One notable example of what happens when alerts are ignored is the Target data breach of 2013, where 40 million card records were stolen. Despite numerous alerts warning of the unfolding attack, Target did not react in time because similar alerts were commonplace and the security team incorrectly classified them as false positives.
As organizations’ data and IT infrastructures spread out across the cloud, the number of alerts is only going to increase and exacerbate the situation. It’s a difficult problem for CISOs, as the only plausible option is to reduce the number of alerts their team is required to inspect.
Triggering thousands of alerts daily that are never investigated or are casually dismissed as false positives add no value to security operations. It only creates opportunities for important alerts to be missed because there is not enough time to review them.
Reducing the number of alerts lowers the chance of false positives and improves alert accuracy: Any alerts that are generated will contain actionable insight to help the security team investigate them, including details on the chain of events that lead to an alert.
However, it is exceedingly difficult to create rules that narrow down anomalous events and threats to a manageable number of alerts, especially in security systems that cover all user activities. Machine learning and AI have long been touted as the future of detecting patterns of behavior that deviate from the norm, even in subtle ways. However, until recently, these technologies have struggled to stem the tide of alerts. New cloud-based approaches to offset alert overload are coming to the market that concentrate on producing less — but more significant — alerts based on their context.
CRITICALSTART, FireEye and Palo Alto Networks offer services that prioritize and present a contextualized alert. These alerts include details such as the root cause, the entire attack chain, the entities involved and a damage assessment that includes easy-to-digest graphics. With information about a potential problem presented in this format, security analysts can properly analyze and correctly respond to alerts.
Of course, it’s not just an organization’s security teams that must deal with daily security alerts. On an average day, employees at all levels are likely to receive some sort of alert to avoid opening a suspicious email attachment, to not click on a potentially malicious website, or to not share their passwords.
It’s important that employees pay attention to these warnings and reminders, but perimeter defenses should prevent most malicious inbound traffic from reaching the end-user to reduce the number of warnings their antivirus program needs to generate. Security awareness programs can help educate the user about how to evaluate and utilize the information received in the email or text notifications they regularly receive.
Security alert fatigue is so challenging because technology cannot eliminate human error entirely. But eliminating useless alerts and making the necessary ones more meaningful can prevent security teams from being overwhelmed with alerts that ultimately are overlooked or ignored altogether.
Feature in TechTarget Security | July 16, 2020
LOS ANGELES (CBSLA) — The federal income tax deadline is Wednesday, after being postponed from its typical April 15 date due to the coronavirus pandemic.
The IRS says it has a huge backlog of paper tax returns because so many IRS employees have been working from home. Millions of taxpayers who filed paper returns have not yet received their refunds, even months after sending them in. Paper returns are being processed in the order they have been received, so taxpayers should not call or file a second return, according to the IRS.
IRS’s website is encouraging taxpayers and tax professionals to file electronically because processing paper returns can take several weeks longer than usual.
Those who need more time can file for an extension, and delay filing until Oct. 15, but will still have to pay what they owe at that time or be subject to penalties and late fees.
Experts are also warning people to be on the lookout for email and phone scams targeting panicked filers.
“A lot of the scams that we see during the tax season, especially on Tax Day, are a lot of phishing attempts to both individuals as well as tax preparers,” Quentin Rhoads-Herrera, a cybersecurity expert, said.
Rhoads-Herrera, of CRITICALSTART, said scammers are usually trying to get sensitive personal information or money.
“The most common one we’re seeing currently is a phishing attempt, a fake email being sent, claiming that they’re from the IRS to the individual stating that if they don’t pay by a certain date, their social security number will be turned off or canceled,” Rhoads-Herrera said.The IRS said that if people can’t pay the full amount they owe, they should pay what they can and arrange a payment plan, apply to defer payment to a later date or request penalties be waved due to economic hardship — though people will still be on the hook for the interest.
Those who have not yet filed their taxes can do so online through the IRS website.
Featured on CBS Los Angeles | July 15, 2020
NBC News and Boston 25’s Blair Miller interviews Quentin Rhoads-Herrera of CRITICALSTART‘s TEAMARES about the vulnerabilities associated with contact tracing and how hackers are targeting companies and individuals through these apps.
Video Transcript:
M. Davenport: Health officials want to know how people are contracting the Coronavirus, who they are catching it from, but one of the methods for finding out is coming under fire and it could be exposing you to hackers. Blair Miller found what has some people so worried and why you could be at risk.
B. Miller: Contact tracing is a way for states to identify who’s had the virus and then figure out who has had contact with that person. It’s supposed to help figure out how the virus is spreading and prevent it, but it’s also raising a lot of red flags for cybersecurity experts.
B. Miller: State health officials are pushing for communities to trace the virus from person to person in an effort to know how widespread it is.
M. Sudders: Answering the call and sharing information about your close contacts helps us track the spread of the virus and keeps us all safe.
B. Miller: Contact tracing involves people giving their information through web-based apps or through a phone call so that health groups can then pinpoint the spread, but cybersecurity groups are warning that hackers are using them too.
B. Miller: How widespread do you think this could be and the kind of problems that it leads to?
Q. Rhoads-Herrera: I think it could be very widespread.
B. Miller: Quentin Rhoads-Herrera researches cybersecurity problems and found that there is no single contact tracing method that health departments are using. A recent study of 17 government-sponsored apps found that less than a third had the kind of encryption methods needed to protect sensitive information.
Q. Rhoads-Herrera: We’ve seen, for the most part of this year, contact tracing phishing attempts at companies and people trying to trick them into giving bank account information, social security numbers, things of that nature.
B. Miller: As the Coronavirus cases climb in some states, the tracing will too. Rhoads-Herrera believes the attempts hacks will only get worse.
Q. Rhoads-Herrera: That’s the most critical piece. If you understand what’s going to be implemented, you can avoid all of those other shady applications.
B. Miller: If you are asked to be part of the contact tracing, make sure your health department is involved when doing this and make sure that you’re using the tools they suggest.
Leslie Toldo of NBC 25 Mid-Michigan Now News interviews CRITICALSTART‘s CTO, Randy Watkins, on the potential impact COVID-19 contact tracing apps on your cybersecurity.
Video Transcripts:
LT: With all of this going on and all of this in mind, it’s hard to know if you’ve already been exposed to coronavirus. There are some contact tracing apps available, but a tech expert from the security firm CRITICALSTART warns that if an app doesn’t use state data, it won’t be reliable. He says it’s vital to pay attention to alert exposures, like the ones we told you about this morning, and report symptoms and test results to loved ones and your employer right away.
RW: If you miss a common link, there is a potential that the actual origin of that outbreak could be entirely missed. The other big risk there is if you aren’t contacted because you don’t have these applications or you are not a part of this contact tracing method, you could be infected or you could be a carrier of the virus without knowing and unknowingly, unfortunately, spread it to more vulnerable family members.
LT: The state health department is doing contact tracing by phone and ask people to take any call that comes from the My COVID help number or your local health department.
Cybersecurity expert Rob Davis, CEO of Critical Start, talks to Hal of Fox 11 New in Los Angeles about the ways that hackers are taking advantage of the “work from home” efforts. He says that most home workplaces are much less secure than businesses, and that allows opportunities for cybercriminals to strike.
Davis says most hack attacks are now coming from overseas, as it makes it more difficult to find and prosecute them. He discusses the ways that hackers can gain an advantage over home workers, including phishing letters, intended to steal your credentials or install malware on your computer. He says the best protection against these attacks is to enable two-factor authentication on all your vulnerable websites.
Davis says that zoom has updated its software and if people enable the protections in it that “zoom bombing” will be prevented and that it is much less prevalent these days.
Featured in Fox 11 News | July 6, 2020
As COVID-19 cases rise, some people and government agencies are turning to contact tracing apps to help monitor the spread of the virus.
So how exactly does that work, and how much information do they get?
Carnegie Mellon University Professor Po-Shen Loh led a team developing NOVID, a contact tracing app designed to notify users when someone who self-reports testing positive for COVID-19 comes near them.
“As you’re walking around in public if you happen to be near somebody else who also has the app installed, the 2 apps communicate with each other through Bluetooth,” Loh said.
The NOVID app also uses ultrasound to improve accuracy. “We don’t just use only Bluetooth because it might accidentally miscategorize people as being together when they were separated by a wall,” Loh said.
The contact tracing app being developed in a joint effort by Google and Apple also uses Bluetooth, but neither uses GPS.
Both apps’ creators say the information collected remains anonymous.
“As soon as you install the app it generates random user ID that has nothing to do with you. It doesn’t tell your name or your phone number,” Loh said.
If you search contact tracing in the app store, a multitude of different apps some up, so you need to be careful what you download. Cybersecurity experts say to especially avoid the ones that use GPS.
“I’d be concerned about all the info that could be available for a hacker to get, personal info, location, where you’ve been, have you had a positive test for COVID-19, those are things that should be kept private,” said CRITICALSTART CEO Rob Davis.
Recent polls show 60% of Americans are wary about using these apps.
“There’s a lot of people because of distrust of government or Apple or Google and concerns about privacy are not using these apps,” Davis said.
Loh said more than 40,000 people have downloaded the NOVID app, and Pennsylvania’s State Health Department said it is working on an app to use the Apple-Google platform.
“The biggest problem is getting enough people to utilize these applications so the automatic contact tracing becomes useful,” Davis said.
Overcoming that hurdle will be necessary to make these apps truly effective.
Featured in WPIX-TV 11 | July 2, 2020
PLANO, Texas, June 25, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, today announced that it has been recognized as a Best Employer and Place to Work in the Channel Partner Insight MSP Innovation Award. CRITICALSTART was selected for this award based on its track record of attracting and retaining top talent.
Cybersecurity is a highly competitive industry with scarce talent. Accordingly, CRITICALSTART‘s priority is keeping talent on board and happy with the work they are doing. Beyond perks and incentives such as equity in the company, unlimited PTO, matching 401K, and workout and nap rooms, CRITICALSTART was recognized for its unique culture based on three core principles: do what’s right for the customer, do what’s right for our employees, and don’t do things that suck. The company delivers on these principles through open, two-way communication with the team and a culture of caring that starts at the top. Employees value and see these principles in action every day with employee events like chili cook-offs, spontaneous barbecues, birthday celebrations each month, and more.
“The war for talent will play – and is already playing – a critical role in the workplace culture of the future, especially in the cybersecurity industry, which currently has a 0% unemployment rate,” said Rob Davis, founder and CEO of CRITICALSTART. “Our hiring profile is geared towards hiring internally motivated people with a drive for excellence. Our culture is what initially attracts phenomenal candidates to CRITICALSTART. My job as CEO is to create a workplace environment and culture that allows these talented employees to thrive. It’s energizing to be part of a team where you are confident that you can count on the people around you. Beyond that, we’re staying ahead of the competition by offering creative perks and equity to incentivize our team.”
About CRITICALSTARTCRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on Twitter, LinkedIn or Facebook.
PLANO, Texas, June 2, 2020 /PRNewswire/ — CRITICALSTART, a leading provider of Managed Detection and Response (MDR) services, announced today that CRN® a brand of The Channel Company, has named CRITICALSTART to its 2020 Solution Provider 500 list. Each year, CRN releases its list of top 500 solution providers, a ranking of the leading IT channel partner organizations across North America by revenue. CRN’s Solution Provider 500 list serves as the industry’s benchmark for recognizing the top-performing technology integrators, strategic service providers, and IT consultants, and as a valuable resource for technology vendors looking to partner with top solution providers.
With evolving cyberattack methods and legacy models of accepting risk, enterprise organizations are left exposed to breaches at significant risk. Every alert needs to be resolved. CRITICALSTART‘s MDR solution solves this problem by resolving every alert to stop breaches, leaving nothing to chance.
We offer our MDR service through our nationwide network of channel partners. By expanding our role as trusted advisor, we’re able to deliver solutions that fill a critical vulnerability left by the shortage of headcount, alert overload and limited security resources.
“Being named to CRN’s 2020 Solution Provider 500 List symbolizes a year of growth and achievement at CRITICALSTART, and this success is due to the dedication and commitment of our employees to deliver excellent service to our customers,” said Rob Davis, CEO at CRITICALSTART.
“CRN’s Solution Provider 500 list showcases the top IT channel partner organizations across North America,” said Bob Skelley, CEO of The Channel Company. “This year, companies on this list represent a combined revenue of $393 billion, a data point that underscores the impact and influence these solution providers have on the IT industry. On behalf of The Channel Company, I’d like to congratulate these companies for their outstanding contributions to the growth and success of our industry.”
CRN’s complete 2020 Solution Provider 500 list is available online at www.CRN.com/SP500 and a sample from the list will be featured in the June issue of CRN Magazine.
About CRITICALSTART
CRITICALSTART is the MDR expert that leaves nothing to chance. Our mission is simple: detect threats and stop breaches by resolving every alert for our customers. We do this for enterprises through our award-winning portfolio of end-to-end security services, including MDR and Professional Services. Visit criticalstart.com for more information or follow us on Twitter, LinkedIn or Facebook.
About The Channel Company
The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com
Follow The Channel Company: Twitter, LinkedIn and Facebook
Copyright ©2020. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.
According to a new report from the Neustar International Security Council (NISC), over one-quarter of security alerts fielded within organizations are false positives. Surveying senior security professionals across five European countries and the U.S., the report highlights the need for more advanced and accurate security solutions to help reduce alert-wary cybersecurity teams overwhelmed by massive alert volumes.
Following are some of the key highlights from the report:
More than 41% of organizations experience over 10,000 alerts a day. That said, many of them are not critical. Teams need to be able to quickly differentiate between low-fidelity alerts that clutter security analysts’ dashboards and those that pinpoint legitimate potential malicious activity. This expanding volume of low-fidelity alerts has become a source of “noise” that consumes valuable time — from developers to the security operations center (SOC). Thousands of hours can be wasted annually confirming if an alert is legitimate or a false positive.
While security tools may trigger alert notifications, this doesn’t mean the activity is malicious. Security configuration errors, inaccuracies in legacy detection tools, and improperly applied security control algorithms can all contribute to false-positive rates. Other contributing factors include:
Another reason for the deluge in alerts is the fact that many companies deploy multiple security controls that fail to correlate event data. Disparate events may not be linked, with the tools used by security analysts operating in separate silos with little consolidation. Log management and security information and event management (SIEM) systems can perform a correlation between separate products, yet they require significant customization to accurately report events.
Tools like these often require a security analyst to confirm the accuracy of the alert—namely, if it’s a true legitimate alert or false positive. While these types of solutions can coordinate and aggregate data to analyze alerts, they don’t address the challenges posed by high rates of false positives.
Further complicating matters are intrusion detection and prevention systems (IDS/IPS) that cannot accurately aggregate multiple alerts. For instance, if a single alert shows that an internal system attempted but failed to connect to an external IP address 50 times, most tools will generate 50 separate failed connection alerts, versus recognizing it as one repeated action.
The time it takes to investigate and validate a single alert can require a multitude of tools just to decide if an alert should be escalated. According to a report by CRITICALSTART, incident responders spend an average of 2.5 to 5 hours each day investigating alerts.
Unable to cope with the endless stream of alerts, security teams are tuning specific alert features to stem the stream of alerts to reduce volume. But this often ratchets up risk, as they may elect to ignore certain categories of alerts and turn off high-volume alert features.
As a result, one of the challenges development teams have in managing alert fatigue in application security (AppSec) is finding the right balance between setting liberal controls—that could potentially flood systems with alerts—and more stringent alert criteria that could find teams subject to false negatives.
While false positives may be annoying and burden teams with additional triage requests, false negatives tend to be more nefarious, because the functionality of an application that is tested is erroneously flagged as “passing” yet, in reality, it contains one or more vulnerabilities. For AppSec teams, the objective is having the ability to detect valid threats that provide quality alerts, supported by the context and evidence to inspect them accurately and continuously.
Fortunately, technologies like instrumentation help automate security testing to reduce false positives and false negatives.
Instrumentation is the ability to record and measure information within an application without changing the application itself. Some current “flavors” of security instrumentation today include the following technologies:
By instrumenting an application with passive sensors, teams have more access to information about the application and its execution, delivering unprecedented levels of speed and accuracy in identifying vulnerabilities. This unique approach to modern AppSec produces the intelligence and evidence necessary to detect vulnerabilities with virtually no false positives and no false negatives.
At the end of the day, your security tools need to give you less, but significant, alerts that contain the correct intelligence to best inform your security and development teams. With technologies that use instrumentation, like SCA, IAST, and RASP, you can achieve high accuracy due to the visibility into an application and its runtime environment as code loads into memory to provide enhanced security logging for analytics.
Featured in DZone | June 1, 2020
Several apps could hold the future to a safe office after reopening.
Imagine you are going in to work. If you work in an office building, you probably have to go through the front doors, maybe past a security desk. You might even get on an elevator.
You may pick up some coffee or tea in the break room and say hello to a co-worker, before finally sitting down at your workspace.
Sounds pretty normal so far, but as many states begin the process of reopening as the novel coronavirus pandemic loosens its grip, experts say it’s time to start thinking about how to keep those workplaces germ-free.
Mark Ein, the CEO of Kastle Systems, a security company specializing in office buildings, told ABC News’ “Perspective” podcast that technology can play a role in monitoring surfaces around the building that could have the virus, starting at the front door.
“As you approach the building, the security app on your phone, which we [already] have today, will connect with the motorized door, because the app said that you’re authorized to come into the building, [and] the door will open automatically,” said Ein.
The same smartphone app can also save you from touching elevator buttons.
“[Instead of] pushing both the floor and that you need an elevator, you’ll put it in your app and the app will talk to the elevator, call the elevator and tell it where you’re going,” said Ein.
The app is part of a larger plan that Kastle has come up with called Kastle Safe Spaces. Ein said it’s designed as a framework employers can use as they start to bring workers back.
There’s even a version of an immunity passport scaled down for use around the office.
“At the point when we have widespread testing, if we also use antibody testing as a way to determine who is safe, all of those things can be entered into your health record and you can effectively get an easy pass if you’re known to be safe,” Ein said.
The easy passes can also work in reverse by tracking people who may not have symptoms, but could still be spreading the virus.
It’s a form of contact tracing, which is considered by the Centers for Disease Control and Prevention to be a key strategy in slowing the spread of coronavirus.
Apple and Google recently teamed up to develop their own tracing technology, but those strategies all address large populations.MORE: Google and Apple team up for contact tracing COVID-19 app
Howard Tiersky, the CEO of FROM, a digital marketing firm, developed an app designed specifically for the workplace by using the Bluetooth on your smartphone.
“It’s recording what we call an incident, and an incident is a period of time when you get closer than a certain threshold to another person with the app,” Tiersky told the “Perspective” podcast. “It’s generally around 7 feet and it records how long you were near that person, who the other person was and approximately how far away from them you were.”
There can be downsides to contact tracing in an office, according to Quentin Rhoads-Herrera, the professional services director at cybersecurity firm CRITICALSTART.
He told “Perspective” that it could make it easier for employees to identify sick co-workers, even if the data is anonymized.
“All of a sudden one person disappears, and now I’m getting an alert that I’ve been around somebody who has been infected with COVID-19. Well, I’m going to be able to make an assumption that was that person,” said Rhoads-Herrera.
That could have unintended consequences.
“Nobody wants to be shamed for something like COVID-19, or anything, and I think that would lead to that,” said Rhodes Herrera.
For his part, he said that it’s an employer’s responsibility to create a corporate culture where that type of shaming is not allowed, similar to anti-discrimination policies around gender, age or disability reporting.
Featured in ABC News | May 17, 2020
Quentin Rhoads-Herrera, director of professional services at CRITICALSTART, joins GDC to talk about the safety and privacy concerns stemming from new contact tracing apps.
Featured in FOX 32 Chicago | May 13, 2020
That’s what a lot of you have asked us. So, the Q&A team reached out to Quentin Rhoads-Herrera – a security breach specialist.
In mid-April Google and Apple launched a contact tracing app model that would allow people to offer up their location information in order to help stop the spread of COVID-19. But could that decision put users’ personal data at risk?
WUSA9 reached out to Quentin Rhoads-Herrera – Director of Professional Services at CRITICALSTART to find out. Rhoads-Herrera specializes in helping companies recover after they have experienced a security breach.
QUESTION:
Does the government need permission from a citizen in order to look at their cell phone data for contact tracing purposes?
ANSWER FROM RHOADS-HERRERA:
Yes. If you look at Google and Apple’s implementation, that they started in mid-April, the government only has access to the information that individual opts in to send. And the only government agency that should technically have access are health organizations.
Before we answer more questions about security, we want you to understand how the Bluetooth contract tracing model works. Take a look at this video:
According to the security company, CRITICALSTART, contact-tracing apps like the one built by Google and will constantly broadcast unique, rotating Bluetooth codes that are derived from a cryptographic key that changes once each day.
If you’re not a techie – according to CRITICALSTART, this is what that looks like in real life.
You’re going on your daily quarantine walk, you pass by a few people that are about five feet away, maybe you wave, then you sit on a bench and watch some dogs play in the park, you stay there for at least 5 minutes.
Then you decide to pop into a grocery store to grab some food for dinner. You’re also there for at least 5 minutes. Along the way, your phone, through the Bluetooth, has been keeping track of where you’ve been and who you’ve been around just in case you or one of the people you came into close contact with test positive of COVID-19.
CRITICALSTART says that at the same time, the app is constantly monitoring other phones within a certain amount of range and time. They said the app doesn’t know the exact longitude and latitude of users, instead, it works off of the unique Bluetooth codes.
When a user reports a positive COVID-19 diagnosis, CRITICALSTART says their app uploads the cryptographic keys that were used to generate their codes based on where they went over the last two weeks to a server.
All of the other app users that they unknowingly came into contact with would be able to download those daily keys and find out if they could possibly be at risk of infection.
According to Apple’s website, if the app finds a match in the codes, it will allow the positive user to generate an “exposure” notification to let other users know that their phones had been in the vicinity of the infected person’s phone during a given period.
CRITICALSTART says that the app can also send the potentially infected person information about self-quarantining or getting tested themselves.
QUESTION:
How many people would need to use the app in order to make it an effective tool for tracing the spread of COVID-19?
ANSWER FROM RHOADS-HERRERA:
I’ve heard everywhere from about 70-90% in order for this to be effective across the entire united states. The main problem is that there are so many different implementations, applications being leveraged.
According to Rhoads-Herrera, applications like the one built by Google and Apple are decentralized, which means they don’t store all users’ data in one place.
The data is left on the user’s phone and only combined with the information of other users when a positive diagnosis is confirmed and that the user has allowed their information to be shared. In those cases, the information is sent anonymously through the app.
“However if you look at the UK who has decided to build their own application, they’re going with a centralized model which means everything is being stored in a centralized data set,” says Rhoads-Herrera.
There are pros and cons to a decentralized system.
Rhoads-Herrera says it is safer in terms of security and privacy because all user data isn’t stored in one central hub like in the UK, but it lacks consistency in data because there can be many apps collecting data.
And once data saved to a centralized server is breached, Rhoads-Herrera says the hacker can get access to critical information like the location and identity of the user.
Featured in WUSA9 | May 12, 2020
Tennessee has just 25 percent of the recommended amount of contact tracers, leaving the state 1,500 people short for the critical disease mitigation effort.
The National Association of County and City Health Officials is recommending just over 2,040 in Tennessee for its population. Nashville has just 75 contract tracers which needs to be tripled to become adequate.
“This contact tracing is an essential tool we have to use to get everyone back to work,” said Democrat Mike Stewart from the TN House of Representatives. “I understand sometimes we have political disputes, Republican, Democrat, but everybody recognizes contact tracing is going to be an essential part of moving forward, so I do not understand these low numbers the department has.”
The Tennessee Department of Health has defended their contract tracing efforts by pointing to the work local health departments are doing and by saying they are training more tracers.
Stewart and several other state leaders have suggested arming furloughed health care professionals with the training they need to become contract tracers in their community.
“We need to fight coronavirus like we fight wars where you put everything on the table,” Stewart continued. “And I just don’t think our Department of Health is doing that.”
Representative Scott Cepicky, a Republican from Maury County, wrote a letter to his colleagues in the state house, encouraging them to join him in an effort to stop a program that shares the information of sick Tennesseans with law enforcement.
He wrote in the letter, “an issue of great concern is the infringement of personal privacy and liberty that is happening right now in Tennessee.”
On the cybersecurity front, Apple and Google are both offering anonymous location services data to help with contact tracing in some instances, but neither company has a history of compliance with government wants and wishes.
“Location data is notoriously easy to de-anonymize and identify individuals, thus resulting in the violation of your privacy,” said Quentin Rhoads-Herrera, a cybersecurity expert working as the Director of Professional Services for the firm CRITICALSTART.
Reporter Alex Apple asked Rhoads-Herrera, “What is your advice for people that are worried about this?”
“I would advise everyone to ask all the creators and storage holders of this data and applications to be as upfront as possible about how they’re storing this data and how they’re securing it,” he finished.
Featured in The CW Chattanooga | May 11, 2020
In late April, Gov. Andrew Cuomo announced the state’s partnership with Bloomberg Philanthropies for New York’s contact tracing program.
Last week, New York City started recruiting 1,000 workers to conduct contact tracing.
This week, privacy concerns about the initiative have emerged. The focus was not as much on flaws on the tracing program as it was on how little is known about who will get to see the data and how it will be protected.
In a letter sent to the governor last Friday and released to the media on Monday, Public Advocate Jumaane Williams asked Cuomo to address questions about how New York will protect civil liberties and people’s privacy. “We cannot sacrifice protections and civil liberties in the name of speed … To maintain public trust, transparency is key.”
The Public Advocate requested information about the role technology will play in New York’s contact-tracing process and how the state will ensure no third party agency will be able to access data collected through contact tracing.
Williams also asked Cuomo to clarify who will get access to the data, what systems will be used to log and monitor it, and what research will guide how long contact tracing data stays in use.
A new report from the Surveillance Technology Oversight Project released on Thursday explores the risks associated with proximity detection, which relies on Bluetooth signals from cell phones.
New York hasn’t announced any plans to incorporate this technology into its approach.
But S.T.O.P.’s report argues the discussion about privacy concerns and civil liberties cannot wait until the emergency ends.
“History teaches that privacy invasions often outlive the emergency they are intended to combat. To this day, the USA Patriot Act provisions that were supposed to expire in 2005 are being debated for renewal to 2024,” the report reads, referring to the domestic security law passed in the aftermath of the September 11 attacks.)
Through a spokesperson, the governor dismissed Williams’ concerns: “The data resides with the state, not a private foundation and this isn’t happening. There’s enough real problems fighting this pandemic, and we have no time for politicians who create fake ones in a craven attempt to get in the paper.”
Of course, to reach the tremendous scale required for contract tracing to be effective in helping control the spread of the virus, speed is an important factor.
But transparency is a success factor, too. Public health experts have repeatedly talked about how contact tracing cannot operate effectively if people distrust the program.
After all, contact tracing works best when tracers can reach as close as they can get to every single person potentially exposed to the coronavirus. For contact tracers to obtain sensitive information about people’s contacts and whereabouts, New Yorkers will need to feel comfortable speaking with contact tracers and understand how the information they share will be protected.
In his briefing on Monday, Williams highlighted the importance of explaining ahead of time the process for protecting contact tracing data, particularly for helping immigrant communities feel comfortable participating. One would expect that contact tracers would need to be able to explain how the information they collect will be safeguarded. Before the health department contacts anyone through the contact tracing program, more transparency about what New York is doing to prevent this pool of data from falling into the hands of other government agencies like ICE or private groups can help facilitate trust.
“This isn’t a question of privacy versus public health,” says Albert Cahn, executive director of the Surveillance Technology Oversight Project). “You cannot fight this virus [and] help save New Yorkers’ lives unless you have the privacy safeguards. If we try to move forward without that, it’s really just a recipe for disaster.”
Contract tracing isn’t new. But Cahn, who also serves on the New York Immigration Coalition’s Immigrant Leaders Council, says that the health department reaching out to thousands of New Yorkers, collecting their names and routines, creates a larger pool of information. It might not have been worthwhile in the past (due to a combination of legal safeguards and the far fewer number of individuals who’ve had information collected) for an agency like ICE or the NYPD to try to access data from the health department’s work on contact tracing with other diseases, he says. But, the scale of contact tracing planned to address the coronavirus is “orders of magnitude larger than anything we’ve done in our lifetimes,” says Cahn.
In 2017, New York City had to fight in court to be able to destroy personal documents collected through its municipal ID program, IDNYC. The IDNYC program was designed to especially benefit immigrants in the city, but the process for destroying documents became a major sticking point. Cahn fears a repeat of this issue if New York doesn’t develop a protocol that addresses privacy concerns from the start.
Quentin Rhoads-Herrera, a cybersecurity professional at Critical Start says it’s important to be clear about who gets access to the data in the first place because there’s always a risk of a leak originating with someone who had been granted access to the infrastructure storing the sensitive information.
For its part, the health department says it plans robust protections for the data and people’s privacy.
“The NYC Health Department has been protecting patient confidentiality in the course of its contract tracing for diseases like tuberculosis, measles, and HIV for decades. We feel strongly about our responsibility to protect patient health data in all that we do,” Stephanie Buhle, spokesperson for the NYC Department of Health and Mental Hygiene, said in a statement to City Limits. “Patient health information is also protected by various State and City laws, rules and regulations. New Yorkers are never asked about their immigration status.”
Featured in City Limits | May 7, 2020
The education system might be overlooking an unexpected threat with the whole world moving online: SAT and ACT hacking. Unlike other hacking threats, nation-states and criminals aren’t the primary risks, said Quentin Rhoades-Herrera, director of professional services at computer security firm CRITICALSTART. “Students in the past have hacked their own universities to change their own grades,” he told MC. “This is now going to be more on a larger scale because of how much it’s going online.”
Speed has taken precedence in the education sector, he said: “Their focus was getting these students online as fast as possible. It’s going to be the same for the SATs and ACTs. Security is probably going to be in the backseat.”
Test companies vow security, but: The College Board, which administers the SAT, said last month it “would ensure that at-home SAT testing is simple, secure and fair” if remote testing is required this fall if coronavirus quarantines are still in place. ACT also announced last month it would offer remote testing this fall that “upholds critical aspects of test security and score validity.” College admissions counselors, however, are not so sure about the security and validity of at-home tests.
Featured in Politico | May 6, 2020
In a highly competitive economy, it’s often difficult to attract and retain top talent. This is especially true in the ever-evolving tech industry. In a field that changes so quickly, it’s hard to find good workers who also have the necessary skills for the job.
When a talented candidate reaches your pool of applicants, you may need to convince them to join your company over a competitor’s. Below, 16 members of Forbes Technology Council share some strategies you can use to successfully snag top industry talent.
1. Lead With Your Mission
Lead with mission. Here in Palo Alto, we see so many tech startups and very few have considered a mission component to their company. When an enterprise has a very clear and measurable way of showing how the world is better because of its organization, it is a lot easier to attract and retain talent. – Stephen Dalby, Gabb Wireless Inc.
2. Create The Right Culture
Creating the right culture for an organization is the key to attracting, retaining and empowering employees. Company culture can be achieved by focusing on three core areas: cultivating community, celebrating individuality and embracing possibility. By prioritizing these behaviors, tech leaders can improve retention, drive recruitment and build an environment that fosters growth and innovation. – Mike Dickerson, ClickDimensions
3. Turn Your People Into ‘Superheroes’
Innovation requires diverse, top talent. To stay competitive and attract new hires, leaders must implement technologies that make jobs more dynamic and fulfilling, and allow for career growth. We invest in AI to make our people into “superheroes,” helping them augment their workflow and be better, faster and stronger at their jobs. They love how AI makes them more effective and they demand more. – Jeff Wong, EY
4. Show Them How They’re Part Of The Big Picture
It’s important to share your vision for growth and how critical new employees are to accomplishing that goal. Everyone wants to feel like they are doing valuable work, making a difference and that they are part of a bigger mission. With authentic conviction, share your company vision and how the job fits into that vision, and you will win the battle for the best candidates on the market. – Sanjeev Sularia, Intelligence Node
5. Demonstrate Your Commitment To Future-Proofing Your Work Environment
Tell them: Our work environment focuses on building employee skills to stay ahead of the game. We help you build your skills by providing you with the opportunity to juggle many digital skill sets at the same time. This allows you to think critically, do the data analysis and then perform the necessary coding to solve the problem. You learn to manage the whole process from start to finish. – Leonard Kleinman, RSA Security
6. Help Them Prepare For Their Next Job
With the industry-wide headcount shortage, most organizations are recruiting straight out of college. Most graduates understand that their first job should prepare them for their next job, so having an education and elevation plan in place to make them a more valuable asset is a great recruiting tool. It will also better the employee while they’re part of the company and may also breed loyalty. – Randy Watkins, CRITICALSTART
7. Align Your Culture With Success And Winning Together
The best companies not only have competitive pay and benefits, but also have a culture and focus aligned around helping clients succeed. People want to be a part of winning teams that are prioritized and add value, but also believe in the products and services. The best candidates seek teams designed to sustainably win together. – Jason Crabtree, QOMPLX, Inc.
8. Build Out Your Career Development Program
Lack of opportunity for career growth is a common reason good employees leave companies—and it’s key to attracting talent. If you don’t have a solid program in place, do it now. Step up in-house training, reimburse for outside training and offer practical training opportunities to use new skills for real-world tasks. Support creative thinkers and don’t hold them back with “stay in your lane” rules. – Anna Frazzetto, Harvey Nash
9. Focus On Candidates’ Specific Expertise
Every role needs an entrepreneur-minded person, so it’s time we pivot away from the notion of finding a candidate that checks every box. To find and retain top talent, leaders should play to candidates’ domain expertise and not encourage them to be something they’re not. Candidates will prioritize companies that let their talent shine and give them the opportunity to help grow the company. – Sudheesh Nair, ThoughtSpot
10. Find The Overlap Between Their Goals And Your Job Opening
One strategy I use is to get a good fit between their career growth goals and the role I am working to fill. If the job is one that I need filled and at the same time, meets the immediate career goals of the candidate, they will be more likely to choose to come. – Linda Apsley, capitalone.com
11. Show Them What You’re Working On
What gets people interested? Provide them with interesting work where they can show they know their field better than anyone else. So, actually show them the projects you’re working on. Can you offer that kind of unique experience? Then you don’t need to convince them. They’ll convince themselves. – Vaclav Vincalek, Future Infinitive
12. Help Bring Their Vision To Life
Any hire will always do their due diligence on the company’s culture before they accept a job. Breathe growth and focus on the potential hire’s aspirations—every person is a CEO in their own heart. Understanding their vision is important. There will always be competition; however, if what a potential hire wants from their professional life can coincide with the company’s goals, it’s a win. – Bhavna Juneja, Infinity, a Stamford Technology Company
13. Invest In Your Managers
The key to recruiting great people into your company is to have a great company. Invest in your managers with the right development and empowerment to create the right culture. As those managers recruit new talent, their authenticity will show through. – Steve Pao, Hillwork, LLC
14. Lay The Groundwork For Their Future
The new hires are most concerned about their future, both within and out of your company. The employers need to appeal to this concern. Ensure that they will be working and learning not only for the present moment and position, but also laying down the grounds for the future too. The more you are going to give, the more comfortable your potential hires will be with choosing you. – Daria Leshchenko, SupportYourApp Inc.
15. Demonstrate A Cultural Alignment
High salaries, good benefits and many perks are all great at attracting talent, but none are as good as company culture. What is the point of making 10-20% above market if you hate coming into work every day? Being surrounded by like-minded people that respect, encourage and motivate you is far more valuable than anything else a company can offer. – Abishek Surana Rajendra, Course Hero
16. Make Your Best Offer Up Front
For candidates, the right job is about more than just good pay. There’s the work schedule, remote work possibilities, health benefits, training budgets, wellness programs and more. Present your offer up front and avoid getting ghosted for someone else. Without it, they might never come back to you and you’ll have lost out on a great candidate. – Thomas Griffin, OptinMonster
Cybersecurity is no longer just a concern for large corporations and government entities. One of the largest attack surfaces today is healthcare where facilities rely on ease of access and fast sharing of data to facilitate immediate and effective care.
Breaches in healthcare are occurring more frequently than ever before. According to HIPAA Journal, an estimated 494 data breaches of more than 500 records were reported to the HHS’ Office for Civil Rights in 2019. Additionally, more than 41 million records were stolen, and/or disclosed without permission last year. As of November 2019, the healthcare industry accounted for four out of five data breaches, with predictions that 2020 could be a record-breaking year. The financial impact also hurts the healthcare industry, with costs from those breaches estimated to reach approximately $4 billion in 2020.
Given these escalating stats, there is no such thing as out of bounds businesses in the cyber threat world. The only real question is whether your organization is a target of opportunity or intent. A target of intent is one that an attacker is seeking to cause notable impact, while a target of opportunity is one that an attacker is simply exploiting in order to get to their real target.
Attackers, especially those driven by geopolitical motives, are looking for disruptive impact and notoriety. While healthcare is an obvious target of intent for attackers looking to cause tangible impact, they typically will not attack these entities directly due to the higher risk of detection. This is where the targets of opportunity come into play.
An attacker looks for existing trusted connections with their end targets. For example, an experienced thief may not attempt to rob a bank directly through the front doors, but rather looks to see if there is a way in through a trusted connection such as a connected building that shares a ceiling or some other form of less visible entry. In the digital world, this means observing who their end targets are connected to and how those connections are implemented, monitored and leveraged.
Companies rely heavily on digital connections with their vendors, partners, service providers and customers. These connections present potential risks on all sides. A supplier who has a connection to a medical facility for billing may serve as an optimal target of opportunity for an attacker to gain access to the facility’s patient information, details of upcoming procedures and scheduling, supply orders and even physical power and/or HVAC capabilities.
Small to medium-sized businesses are frequently targeted by phishing attacks. The attacker’s intent is to set up a presence on their network to gain access to larger businesses with whom they may have connections. Alternatively, larger entities need to assess not only how they connect with these other businesses but also how their network is designed to prevent these attacks from moving forward should a partner connection be compromised. This means taking a holistic approach to reviewing their network visibility, how it’s constructed, segmented and used. Simply purchasing a new security tool will not improve your security risk posture if you have abundant faults in your IT implementation and utilization.
To assess your risk and impact, here are some questions your organization should consider:
These are just some of the questions that must be asked when assessing your risk and impact. If you are not pursuing answers to these questions, then you are exposing your business and those you do business with to unnecessary risk. To mitigate risk, every organization should be breaking down silos and self-centric thinking and considering the world outside your business to determine what impact we have on each other.
Author: Joshua Maberry | Director of Customer Success, CRITICALSTART
Featured in TechNation | April 30, 2020
Task and project management is a must-have skill in the technology industry, especially for tech leaders. Most are handling multiple projects and demands on their time, so it’s important to be able to prioritize and get everything done.
As some of the top professionals in the field, the members of Forbes Technology Council have spent years cultivating their project-management skills. Below, they share their go-to project-management strategies.
1. Let your team own the projects they’re passionate about.
One management strategy is to create an organization where people apply or sign up for the projects that they are passionate about. This requires that leaders end centralized management and disperse responsibility, creating a self-managing organization. Those who are passionate about a project manage it from beginning to end, often completing projects faster and with better results. – Sergei Anikin, Pipedrive
2. Set milestones and goals as a team.
A lot of tasks we end up focusing on are more related to activity than productivity. To make sure our focus is on productive tasks, the entire organization must be aligned on the organization’s goals and the tasks everyone must do to contribute to those goals. Once everyone understands their function, setting and focusing on milestones to accomplish larger tasks leads to better progress. – Randy Watkins, CRITICALSTART
3. Have a central communication tool.
The first and most important step is to define the goal of the project and clarify expectations. All modern project management comes down to managing expectations. The circulatory system of modern management is communication channels. The key communication tool is a task-management system combined with a knowledge base—something like Jira with Confluence. – Dennis Turpitka, Apriorit
4. Create an Eisenhower Matrix.
I look to Eisenhower for inspiration, and I utilize an Eisenhower Matrix daily. I make four boxes with “Urgency” on the x-axis and “Importance” on the y-axis. This allows me to bucket tasks into four categories: “Urgent/Important,” “Urgent/Not Important,” “Not Urgent/Important” and “Not Urgent/Not Important.” It’s a powerful way to figure out what needs to be done when. – Michael Zaic, Wild Sky Media
5. Hold regular standup meetings.
Quite a few principles fall under the agile project-management framework, but the one I find the most useful is having regular standups. In these meetings, team members go over what they’ve done and what they’re going to do, as well as if any roadblocks are in their way. This allows employees to go over every project they’re working on to give regular updates. – Kison Patel, DealRoom
6. Manage customer expectations.
Customers are notorious for adding to the scope or making changes to what they want. One of the best ways to deal with it is by managing the customer’s expectation of what they will get. This may mean that, as a manager, you will need to tell customers that their request is out of scope and requires a modification to the contract that may affect cost and/or timelines. – Michael Hoyt, Life Cycle Engineering, Inc.
7. Treat your days like sprints.
Time management is essential. I treat my days as sprints with specific time blocks for each activity. I leave two blocks in the afternoon to return to what I need to for additional review or followup. I set specific times for emails, phone calls, meetings, etc. And, importantly, I do not let them interfere with each other. – Wesley Crook, FP Complete
8. Monitor and address positive and negative risk.
Organizations with agile projects should realign their risk perceptions. Although negative risk must be carefully managed, teams should embrace positive risk to maximize business value. Risk matrices, risk burndown charts and risk-modified user story maps should be included on agile walls and must be adjusted to help teams identify, monitor and address both positive and negative risk. – Christopher Yang, Corporate Travel Management
9. Hire smarter people and nurture new leaders.
There is no greater joy as a leader than seeing those you have nurtured surpass you in talent and success. That is your lasting legacy. Hire people smarter than you and nurture their leadership abilities. There is the old adage of, “If you want to go fast, go alone, but if you want to go far, go together.” Develop a robust team of leaders and allow them to succeed. – José Morey, Liberty BioSecurity
10. Prioritize projects that move the needle.
Tech leaders are constantly juggling multiple projects and initiatives at once. But you need to select and prioritize projects that will make the biggest difference. Nonessential projects can actually result in productivity loss. Selecting the right projects is actually a skill that comes from an understanding of business strategy combined with a data-driven approach that will impact key performance indicators. – John Shin, RSI Security
11. Leverage managed services.
If you lead an engineering or development group and your tasks include maintaining toolsets, managed services can be a godsend. The same is true if you’re a systems or application administrator. Any service provider worth their weight can take things off your plate like admin and implementation, user training, troubleshooting, support issues, and the like. – John McDonald, ClearObject
12. Maintain a culture of accountability.
Even before specific task- or project-management skills come into play, it is important to maintain a culture of accountability. Start with yourself. Meet your own commitments and admit mistakes. Define your expectations. Ask for commitments. Be open to feedback. Coach people on how to be accountable and to hold others accountable, and understand what the consequences should be for poor performance. – Steve Pao, Hillwork, LLC
13. Lay out the details ahead of time.
Describe all the details and lay down all the plans even before the project is launched. This move is often underestimated, but it can really go a long way. Laying a solid foundation for projects will ensure that you are not going to need to manage them daily. If your team knows what to do, the process will be smooth and successful. – Daria Leshchenko, SupportYourApp Inc.
14. Stop micromanaging your team.
Let your team members take full ownership of their areas of responsibility. Keep them loaded at 70% to 80% to reduce stress levels and enable creative thinking. To ensure effective delivery, avoid any kind of micromanagement and tactics control. It’s ruinous for both sides. All in all, make sure your team always understands your “what” and can bring you their “how.” – Aleksandr Galkin, Competera
15. Limit distractions during your ‘focus time.’
Multitasking is a myth. To do deeper work, you need to limit distractions. To do that, you need cultural and individual practices that allow people to go offline for chunks of time and that respect that time so that folks feel comfortable turning off distractions and digging deep. This singular and serial focus allows you to “multitask” more because you are not constantly switching tasks. – Amith Nagarajan, rasa.io
16. Implement good status-reporting practices.
As a tech leader, I need to know the high-level details of the project (schedule, timeline, whether it’s on track, if anyone needs my help removing an obstacle, etc.). That way I stay updated, know when I need to get involved and can keep my schedule moving forward. We use the Entrepreneurial Operating System to keep our status reports and meetings on track. – Thomas Griffin, OptinMonster
Chris Ward speaks with Quentin Rhoads-Herrera of CRITICALSTART to discuss cybersecurity in a time of a pandemic.
In our current time of crisis, it’s a sad fact that there are many taking advantage of distracted governments, businesses, and individuals. With the majority of workforces in the Western world currently working from home, often on insecure networks, and far removed from their typical IT support structure, an increase in cybersecurity threats has reared its head during the COVID-19 crisis.
I recently spoke with Quentin Rhoads-Herrera of CRITICALSTART to discuss trends they have recently witnessed, how the company is helping during the crisis, and cutting through some cybersecurity jargon. You can hear the full interview above.
Disinformation
I spoke with Quentin several weeks ago, and in the weeks since, the disinformation has increased, especially as the crisis took its hold in Europe and the US. During our interview. He mentioned that his team had noticed a rapid ramping up of domain purchases relating to COVID-19 and Coronavirus, and increased Twitter (frequently bot or spoof accounts) activity, spreading incorrect information as fast as the virus itself.
This is not the first time Quentin and his team have had to respond to increased activity, and major events typically trigger a flurry of activity in those corners of the web that many of us live in blissful ignorance of.
For example, when the US announced Space Force there was a rush to register similar domains to cause confusion. Whenever there is a mass of information on a particular topic, there will be an equal amount of disinformation. The announcements of various stimulus packages around the world added to the disinformation campaign, if there is a lot of money involved, you can guarantee that others will attempt to trick people into parting with it, even in a time of crisis.
Though Quentin took pains to point at that with the COVID-19 pandemic, the modern world has never seen a crisis of such a global scale. Equally, the cybersecurity community has never seen a reaction to that at such a scale either.
Phishing Attacks
Many of these fake domains are also used for targeted or mass attacks using Phishing techniques. Many of these phishing attempts promise cures, masks, or “official” information from government bodies, such as the CDC. While the human factor has always been the easiest route for any hack, the added factors of stress, distraction (from working around family members, etc.), and insecure work environments, as I mentioned above, have made it an easier play. Google also recently announced how many (18 million)c false emails they are blocking EVERY day.
Practice Safe Security
Cybersecurity doesn’t change so much in a time of crisis, just that the potential attack vectors change. As with any other time, you should treat any email that isn’t from someone you know (or looks different than it typically does) as potentially malicious. You should make sure you’ve changed the default admin account details on your router, use a VPN, or PGP signing, multi-factor authentication, etc. But we all know that these are not always the easiest tasks for everyone to understand and implement, and even then, malicious parties can lead them astray and cause even more harm.
Lend a Technical Hand
Now, at least a few weeks into the crisis for most countries, I’m sure IT support staff have had many a VoIP call with staff members attempting to help them get set up as securely and simply as possible. This task is made even more difficult by pressures on home internet performance, and other external pressures. I’m sure many of you reading this have helped out relatives, colleagues and friends with IT issues over the past few weeks, and this continues to be a great way tech-minded folks like us can help those around us who are struggling to cope with a lot of unknowns right now.
Another place we can help is by using our know-how and computing power to contribute to projects, such as folding@home (for protein model simulations) or a multitude of hackathons (some specific open source ones too) in local and global areas.
CRITICALSTART has dedicated a proportion of their hash cracking machines that are normally used to test password encryption security to the folding@home project, and even Blockchain miners are starting to switch some of their machines to help.
At the moment, one of the best skills (as developers and other tech-minded folks) we can learn to help others through this crisis is a large dose of patience and understanding.
A Cybersecurity Primer
While we’re on the topic, here are some key terms and concepts.
Team Structure
Cybersecurity companies tend to divide themselves into different teams, loosely around offensive actions (sometimes called a penetration tester) called a red team to find vulnerabilities, and defensive team, called a blue team, to help fix those vulnerabilities.
Managed Detection and Response (MDR)
A newer approach to security practices, where a team helps a client manage their security infrastructure by collecting logs from endpoints such as antivirus and threat detection systems, matching them to a registry of known “good” and “bad” alerts and actions to detect real issues.
This analysis can become quite nuanced, for example, allowing some users to run scripts, such as Powershell or bash scripts, but raising an alert if another user trues the same.
Zero-day
A zero-day is a vulnerability that the world does not know about yet. A vendor may know about it because someone told them about it, a client may know about it because it was found during a client engagement, but nobody else in the world knows about it. Generally, a team helps a vendor patch the issue and ensure that their clients have applied the patch. If the vendor never responds, then a team helps the client work around the patch as much as possible.
Featured in DZone | April 22, 2020
For the first time in National Football League history, draft day is going remote and online. Social media will play a big part in that transition, and teams have to work in that world securely.
In recent years, the NFL turned the day its teams pick their stars of tomorrow into as big an event as any regular-season game. Thousands of fans showed up in cities across the country just to see what college kids their favorite teams would tap for their rosters. Coronavirus made that mega-event impossible, so draft war rooms dispersed from Green Bay to L.A. will send in their picks via video conferencing and keep fans updated via Twitter and other platforms.
In this first (and hopefully only) virus-limited NFL draft night, online security is paramount. Not only are teams afraid of being hacked by third parties ranging from plain old troublemakers to gamblers looking for tips, but they also have to consider the worst-case scenario — another NFL franchise trying to snoop into another team’s personnel plans.
The first pick is now hours away, and the cybersecurity firm CRITICALSTART is offering five tips NFL teams can follow to guard against their draft plans being exposed via vulnerable social media and video networks.
The security steps come off as basic, yet sensible:
More importantly, the minds behind CRITICALSTART insist any home internet user can adopt those same ideas for a household network.
With “stay at home” quarantine orders for the Coronavirus still in effect, locked down individuals and families are using social media to contact the outside world at unprecedented levels — and therefore exposing themselves to hacks just like the NFL. They can make those social media hours safer by taking a good look at the same safety guidelines football’s best brains employ tonight.
Featured in Forbes | April 23, 2020
A hacker could provide entertainment value by disrupting the virtual NFL draft that begins Thursday. Desperation for any sports entertainment shouldn’t make us forget that these things are boring. The few moments of suspense as picks and trades are announced are drowned out by incessant chatter by talking heads and nonstop loops of player highlights.
This draft broadcast with commissioner Roger Goodell announcing picks from his home would be more fun if a hacker interrupted it to make mischief. Just please don’t shut it down completely. It already takes too long.
Such an infiltration would embarrass the NFL but wouldn’t compromise the integrity of the draft itself. There are other potential hacks outside the broadcast that wouldn’t be so harmless for the league.
What if teams, or third parties working for them, remotely hack into the videoconference platforms used by rival teams or even the computers of their personnel? Team officials aren’t allowed to congregate in one room, like usual, so they are scattered about and communicating virtually.
A team that digitally eavesdrops on what’s being said in the virtual draft rooms of other teams obviously would gain an illicit advantage this week. Gaining access to the computers of rival teams would be an edge that keeps paying off. The history of espionage in sports shows that teams are willing to cheat if they think they can get away with it.
The virtual nature of the draft provides hackers an opportunity to cheat without detection. And the popular Zoom videoconference platform that’s used by NFL teams and other businesses has been a target of such attacks.
Vice recently reported that brokers are offering for sell “exploits” that take advantage of vulnerabilities in the Zoom platform. The attack allows hackers to leverage what’s known as “Zoombombing” to infiltrate meetings and possibly access the target’s entire computer system. According to the report, the exploit requires the hacker to be on a call with the victim.
Quentin Rhoads, director of professional services for the cybersecurity firm CRITICALSTART, cautions that so far there’s no proof that the Zoom exploit exists.
“But in security, we are going on the perspective that it might be real, so we have to take it seriously,” Rhoads said. “If somebody were to (use the exploit) they could potentially gain access to all these Zoom meetings without being invited if the meeting I.D. were leaked and Zoom security best practices weren’t being followed. If victims are running Windows, (hackers) could gain local access to machines without the victim knowing it.”
Vice, citing an anonymous source, said the asking price for the Zoom window application exploit is $500,000. The market isn’t hackers looking to snoop on Zoom calls among friends and family. Hackers would be interested in intercepting sensitive conversations and information that businesses want to keep private.
NFL teams have a lot of that. For obvious reasons, the NFL isn’t offering specifics about what security measures it will use for the virtual draft. However, the league said the Microsoft Teams platform, not Zoom, will be used for its communication with teams and vice versa. CRITICALSTART said there have been fewer issues with Teams, but that it’s still possible to hack the platform.
Rhoads’ firm posted tips for NFL teams to safeguard their communication and information. One of them is requiring strong passwords and multifactor authentication to gain access to meeting platforms. An example of the latter is the platform sending users a text message with a code that’s required to gain entry.
“If an attacker decides they want to gain access to your password, they need to kidnap you or find your phone or steal it,” Rhoads quipped.
No NFL team would resort to kidnapping. But we’ve seen how far sports teams will take espionage to gain an advantage.
The NFL punished the Patriots in 2007 for violating NFL rules by taping the Jets’ defensive signals from the sidelines during a game. ESPN reported that New England had a secure room at its facility that contained videotapes of opponents’ signals going back seven seasons. Goodell ordered that evidence be destroyed.
MLB found that the Astros broke the rules by using a video camera sign to steal signs during the 2017 and 2018 seasons. The Astros used the scheme during the 2017 postseason when they won the World Series. MLB fined the Astros $5 million, took away draft picks and suspended general manager Jeff Luhnow and field manager A.J. Hinch.
The schemes executed by the Patriots and Astros required team personnel to be physically present at games. That made those cheating plots relatively easier to detect compared with remote hacking.
NFL teams, like all sports franchises, are paranoid about rivals stealing their information. With the draft now going fully virtual, they have to look out for hackers.
Featured in Atlanta Journal-Constitution | April 22, 2020
The tax deadline came and went and now is the time when scammers see confusion and opportunity.
“It’s like Christmas for scammers right now. This is as good as it’ll ever get for them,” said Rob Davis, the founder and CEO of Critical Start, a cybersecurity firm. He told Channel 2 Anchor Wendy Corona with a trillion dollars out there for individuals and companies, scammers are out for their share.
“They’re preying on the instincts of good people that maybe are a little bit confused, that doesn’t want to confront the government. If you’ve ever had one of these calls happen to you, they can be pretty intimidating,” said Davis.
His best advice — do not engage. You may get calls, texts, social media messages all aimed at getting you to make contact or click a link and that’s when they strike and steal your information. It’s especially rampant around the normal tax deadline date of April 15th. Some scammers will even send you fake checks.
“It’ll say, ‘Hey if something is wrong on this check call this number.’ The whole goal is to use the check as mechanisms to get you to call somebody so they can steal your information,” Davis said.
Davis warned that the IRS will not text you or aggressively force you to take urgent, immediate action. He also said avoid clicking any links and instead check everything against the IRS.Gov website. “Pause. Take a deep breath. Get some help. Come back to it later. There’s nothing wrong waiting a day. Always be suspicious,” he warned.
The new tax deadline is July 15th and you are not required to file an extension or pay anything until that date.
Zoom has become nearly synonymous with office meetings and socializing as people around the world have adapted to life at home amid the Coronavirus outbreak. That has put the roughly 9-year-old company in the spotlight more than ever before — for both the good and the bad, as an onslaught of security issues have come to light.
The biggest hurdle for Zoom moving forward, according to some security experts, isn’t just fixing those issues. It’s doing so in a way that enables Zoom to maintain the convenience that has made it so popular in the first place.
“There are different security measures that you can implement, but again it comes back to this pendulum of security versus usability,” said Etay Maor, chief security officer at cyber threat protection firm IntSights. “Where do you feel comfortable and where do your users feel comfortable?”
Zoom’s security troubles
The teleconferencing app has surged in popularity over the last month, as it’s hosted 200 million chat participants throughout March, compared with its previous all-time high of 10 million as of December 2019.
That has made the platform a ripe target for internet trolls. A new form of harassment known as Zoom-bombing has emerged in recent weeks, which is when intruders infiltrate a Zoom meeting and bombard participants with offensive content. The FBI has said that it received two reports of such incidents occurring in Massachusetts schools.
But that’s just one of the security woes that have troubled Zoom over the past month. The company was hit with a class-action lawsuit over accusations that it shared analytics data with Facebook without properly alerting users. Zoom also said that some calls were mistakenly routed through China as the company beefed up its server capacity in the country at the start of the outbreak.
The list of companies and organizations banning Zoom has continued to grow along with the security issues. Schools in New York City, the Taiwanese government, and Google have suspended usage of the popular video service. Singapore also recently told teachers not to use the service.
Security versus convenience
Enhancing Zoom’s security while keeping the service as frictionless and accessible as it has been could be a particularly challenging balance for the company to strike. Joining a Zoom meeting can be as simple as clicking a link from your email or calendar invite. But adding layers of security often means implementing more steps for the user.
“There’s always a trade-off between ease-of-use and usability,” said Rob Davis, CEO of cybersecurity firm CRITICALSTART.
Two-factor authentication, for example, adds more security but also means the user needs to take that extra step of typing in the code sent to his or her phone. Enforcing tighter controls around how participants join a meeting could also make the process of adding colleagues or friends at the last-minute slightly longer.
Stronger end-to-end encryption could also make it harder to maintain high call quality, one of the characteristics that makes Zoom so appealing, according to Satya Gupta, chief technology officer at web application security company Virsec.
“I suspect that this is going to be a serious problem for Zoom to be able to solve because, you know, when you encrypt and decrypt, it introduces lag and latency into a call,” Gupta said.
For its part, Zoom has been quick to react to the myriad of issues that have emerged. It outlined a 90-day plan to make Zoom a security- and privacy-first product. As part of that plan, it’s committed to freezing the development of new features to focus on increasing security, publishing a transparency report with information about data requests, and bringing in outside experts to evaluate its security practices among other measures.
The company recently tapped Alex Stamos, Facebook’s former security chief, as an external consultant to help it ramp up its security. It has also made security settings easier for users to access, and now requires additional password settings for users on basic, free accounts and accounts with a single licensed user.
Still, Zoom could be more transparent about the measures it’s taking, which makes it easier for other security professionals to assess the company’s approach to security, Davis said.
“That allows other people to more easily ascertain, ‘Have you taken the right steps?’ Davis said.
Zoom has said it will consult external security experts and form a council of chief information security officers from across the industry to discuss best practices when it comes to security.
But the experts seem to agree that trading some conveniences for security is worth it. And juggling the two, especially within 90 days, will be a challenge.
“It’s a hard balancing act that has to be performed,” said Maor. “It’s not an easy task.”Featured in Business Insider | April 11, 2020
In the wake of the ongoing coronavirus pandemic, we have witnessed a surge in telecommuting as more companies transition to remote work. Over the last couple of weeks, we’ve seen a spike in web traffic (including a record-setting number of Zoom calls) as companies make the switch. Initially, there was even concern that this massive onslaught in web traffic might even break the internet, but, for now, it looks as though we’ve avoided this particular calamity. Nonetheless, the Great Telecommute Experiment of 2020 is well-underway.
The challenges involved in this overhaul are daunting for many companies and IT teams to say the least. Fortunately, this process doesn’t have to be all trial and tribulation by any means, even if organizations are a bit late to the game with their preparation. To assist, we’ve curated a series of tips from tech pros across the industry to help iron out some of the wrinkles as teams around the country make this clunky transition en masse.
On the security side, this chaotic transition is certainly ripe for failure and breaches. With more teams working remotely, there are sure to be enhanced endpoint vulnerabilities. Additionally, more companies will increase the number of third-parties with network access during this transition.
“Organizations need to understand that more sensitive data will be stored and available via a remote workforce. You don’t want intentional or unintentional data leakage, which might require new controls on remote endpoints and cloud applications,” explained CRITICALSTART founder and CEO, Rob Davis.
As a result, more companies are looking to VPNs to beef up network security. One such provider recently reported worldwide use of its VPN technology had recently increased more than 160%. Although, as CRITICALSTART noted in our correspondence, there are other basic measures companies can adopt such as establishing multi-factor authentication and single sign-on protection. Regardless, even with the most comprehensive security measures in place, companies should also have a response strategy in the event of a breach.
“Plan for failure. Most breaches are caused by human error, and the best-intentioned people still make mistakes. Have an incident response plan that is updated to work in this new environment,” Davis said.
Featured in TechRepublic | April 7, 2020
For Quentin Rhoads-Herrera, this was not a typical security test.
A big municipal government in the U.S. had just handed him the source code for software the city uses to manage contracts and track infrastructure projects.
He unpacked the code, sifted through it, and found more than a dozen previously undisclosed vulnerabilities, or zero-days, that a hacker could exploit to manipulate data or dump user passwords. But it was more than just a catalog of bugs: Poring over the code, Rhoads-Herrera found the names of two other city governments that have used the software.
The product, known as CIPAce, has been used by public and private sector organizations to collect invoices and manage contracts and budgets, according to CIPPlanner Corp., the company that makes it.
“If one attacker happens to exploit this city, then they can look and see, easily, every other city that’s using this … and attack them using the same methods,” said Rhoads-Herrera, a penetration tester at CriticalStart, a Texas-based cybersecurity company. He tried to contact another municipality to warn it about the issue.
Rhoads-Herrera says he hasn’t seen any malicious hackers exploit the vulnerabilities in CIPPlanner’s software. Zero-days in important software can be big problems for any organization, but for municipalities, the effects can be magnified. City governments are often cash-strapped and struggle to upgrade the technology on which they depend. A deluge of ransomware attacks has only served to expose how vulnerable public-sector agencies can be.
Reached by phone, Wayne Xie, a principal at CIPPlanner, said it was an “ongoing battle” to safeguard any software from hackers. “We continue to update the software and do penetration tests,” Xie said. He declined to discuss CIPPlanner’s clients or how many people work at the company.
Parts of CIPPlanner’s website don’t appear to have been updated in years. Two of the listed clients contacted by CyberScoop said they had stopped using the software. The company does have active contracts with an agency at a U.S. city government and with a county government in another state, according to data from those localities.
After months of working with his client to mitigate the vulnerabilities, Rhoads-Herrera said he’s raising awareness about them through a report released Thursday. The report does not name the cities affected. CyberScoop has shared the findings with the MS-ISAC, the threat-sharing body for states and municipalities, which is investigating.
Rhoads-Herrera’s client, he said, has worked with CIPPlanner to address the issue.
The vulnerabilities found by CriticalStart could allow a hacker, without even authenticating on the network, to disclose information on internal databases or upload a malicious “web shell” to manipulate data. CriticalStart deemed two of the bugs “critical” because they could allow a hacker to inject malicious code into the software platform.
“Every single vulnerability we found in this application was unauthenticated,” said Rhoads-Herrera, who was skeptical of CIPPlanner’s claim that it does independent penetration tests. “And leaking passwords is definitely a critical issue, especially since I used it to VPN into their environment with ease.”
Rhoads-Herrera said he was encouraged by the fact that the municipality was “so involved in trying to actually secure their infrastructure.” The city IT team would email him during the penetration test to say they had noticed his activity on the network, he said.
That proactive approach to security is all the more important with people across the country working remotely during the coronavirus pandemic. Knowing who should and shouldn’t be remotely logging into your network can be the difference between properly managing a workforce and having corporate data stolen.
Featured in CyberScoop | April 3, 2020
When it comes to protecting computers and information systems from cyber attack, artificial intelligence and machine learning can help — but they’re no cure-all for a growing problem.
Notwithstanding the current excitement over AI and its increasing ability to best humans on numerous fronts, it’s no magic bullet for shoring up cybersecurity, says Randy Watkins, chief technology officer with CRITICALSTART.
AI excels at managing massive amounts of data, including alerts about possible security breaches. The problem lies in how it interprets that information.
Alerts are addressed in the order in which they arrive. Then they’re prioritized and assessed for the appropriate level of threat. Human analysts, with deep knowledge and experience of the business, are good at placing each alert in its proper context. Machines, not so much. An AI-driven system can detect anomalous user activity, but it’s less effective in determining whether the event involves malicious intent.
“I am not a naysayer of everything AI,” Watkins says, “but AI and machine learning don’t have the capability to apply an abundance of reason to what they’re doing.”
Machines aren’t especially good at minimizing false positives. Take Microsoft’s PowerShell, a popular framework for task automation. A machine can’t accurately determine whether a given user of that tool should be executing a command at a particular time. The anomaly may or may not be the result of a malicious attack.
The term “machine learning” implies that the system gets better with experience, but Watkins says that ability is limited. Training the algorithm to respond in the proper manner requires feeding in large numbers of previous examples, both good and bad. And it still doesn’t solve the problem of false negatives — actual attacks that the system misses. “You have to be able to strip back the outliers that are going to skew your data,” Watkins says.
Figuring out whether or not an event is malicious doesn’t always amount to a yes-or-no answer. For one thing, companies must determine how sensitive they want the system to be. Should it raise the alarm for 100% of seemingly anomalous events? How about 80%? Too much, and you’re inundated with alerts and potential system shutdowns. Too little, and breaches are likely to slip by undetected.
“When you introduce more variables, you require additional data sets, more context about the subject and the behavior [of the system],” Watkins notes. “Once you start to introduce those questions, the machine falls apart.”
Effective detection of cyberattacks depends on cumulative risk scoring, something that humans do well. “Every time we look at an event, we’re deciding whether it’s suspicious,” Watkins says. “But you can also apply reason and previous knowledge about security that algorithms don’t have.
“A machine can crawl through tremendous amounts of data quickly,” he continues. “But give it an abstract concept like least privilege and apply it to the alert set — is it going to recognize a privilege escalation? There’s a lot of benign activity that looks malicious.”
There’s no doubt that machine learning will evolve, even as cyber thieves come up with new ways of avoiding detection. Microsoft has made strides toward improving the sophistication of automated detection systems, as has Palo Alto Networks, a global leader in cybersecurity. “But at the end of the day,” Watkins says, “you still need a human to say, ‘Yes, knock this domain controller offline.’” Companies strive constantly to minimize the cost of system downtime caused by erroneous alerts.
That said, there aren’t enough human experts to fill the need for cybersecurity across all sectors. “There’s definitely a lack of talent in the industry,” says Watkins. Hence the turn toward outside support, in the form of managed detection and response.
The talent shortage isn’t new. “It has existed since security has existed,” says Watkins. Only in the last 10 years have companies and universities begun to awaken to the need for better training and education of future cybersecurity experts.
Both humans and machines have a ways to go if they’re to collaborate in securing vital systems against the ever-growing threat of cyber attack. “We started at zero when we needed to be at 60,” Watkins says. “Now we need to be at 90, and we’re at 60.”
Featured in SupplyChainBrain | March 30, 2020
Jordan Mauriello, SVP of Managed Security, shares his thoughts with Steve Gruber of the Steve Gruber Podcast on election security and the vulnerabilities associated with polling places in light of the coming 2020 elections.
Full Video Transcript:
SG: It is six states going to the polls today, and critical states. Bernie Sanders would like nothing more than to repeat his upset victory that he claimed in Michigan four years ago when he beat Hillary Clinton, who was supposedly up by 20 points – 27 points one poll had her up before the primary in Michigan. And Bernie Sanders came in and pulled it off.
What about the vulnerability of polling places when it comes to online impacts, cyber impacts, cyberattacks? Jordan Mauriello here, CRITICALSTART‘s VP of Managed Security. Jordan, welcome to the program.
JM: Thank you very much, Steve. Happy to be with you this morning.
SG: So my understanding Jordan, is that most of these election machines, the tabulation machines, the computers themselves are not connected directly to the internet. But then I talk and hear from people who say, “Now wait a second, we’re gonna make it possible to vote online.” Well, obviously, if you’re voting online, you’re connected to the internet directly. What should be my concerns? Where are the vulnerabilities?
JM: So there’s definitely a lot of confusion about what the technology actually does in voting machines these days and the reason for that is it is, actually, different state to state in a lot of places. We see places like Iowa, which set a precedent for, oh, there’s an app, and online technology for voting that is being used, and clearly had significant technological issues, not to mention the lack of proper security assessment that was actually done there. So there were vulnerabilities that were introduced and significant problems as a part of the election.
But mostly what we’re actually seeing is a move towards an upgraded ballot marking device, or a device which eventually transfers votes through some, kind of, centralized system that is online, but then uploads those votes for a digital count mechanism. That’s where a lot of times we see the vulnerability mechanisms are actually introduced, is when we centralize this. But there’s always some way that they’re being connected to a network and being tabulated.
SG: So, the vulnerabilities, in your line of work, then, you go through and you say, “Okay, I see a weakness here, I see a weakness here.” Is that how you approach your job?
JM: Yeah. And that’s, often, what organizations bring us in to do, is to attempt to find what are the mechanisms to which something might be compromised. And, so, when we’re looking at election security specifically, you know, if we’re looking at in ballot marking devices, a good example of this is, the new devices they purchased in South Carolina, right? It’s like, “Oh, great it’s a ballot marking device.” And so you’re gonna use a screen, a touch screen to make your selection, and it’s gonna print out a ballot, it’s marked it for you. But then when it reads back in, what it actually reads is the bar code at the bottom.
And so, if you were a malicious activist, especially with someone with the kind of resources that a foreign nation-state would have that want to disrupt elections, well, you could certainly compromise that machine. As it prints out the proper results, when you’re validating, look it printed, “Oh, yes, I voted for Joe Biden. Yes, I voted for Bernie Sanders.” But then the bar code, well none of these humans that can read a bar code right now. So, you would feed that back in and not know what the bar code might actually register back to the device itself and that is a vulnerability.
SG: Yeah. Jordan, I know enough people that have enough difficulty reading period. Barcodes, I mean, let’s talk about that’s a little bit tougher.
Jordan Mauriello here, CRITICALSTART‘s VP of Managed Security.
So, let me ask you this. When you go in and vote yourself, I assume you vote-
JM: Yes sir.
SG: Do you have concerns about the security of your vote? Do you, do you have much security concerns overall when it comes to the reliability and accuracy of elections across this country?
JM: I think we saw, based on the 2016 elections, and what happened both at the campaign level and with evidence that’s come out from Durham County, North Carolina, that there definitely are problems and there are concerns that I have.
As a security expert, I look at the process they plan on. I’m definitely gonna go in, I’m gonna double-check my vote. I’m gonna look at the printout and make it sure it matches as best I can. I’m gonna feed it back in the device and make sure it says what I actually did, as being registered on the screen again. But I also had concerns at the campaign level.
And we saw the detriment that the cybersecurity problems were, like Hillary Clinton’s campaign in 2016. And those are very, very real issues. When you’re talking about the resources and capability that a foreign nation-state has in cyber warfare and applying that against not just election infrastructure, but even campaigns. There’s definitely significant concerns that both at an information and disinformation level, and an election security equipment level, that things could be compromised or disrupted.
SG: Well, and that’s a big concern obviously. I’m more concerned, honestly, in the way they’re tryin’ to do it in an old-fashioned way. What I mean by that is, you look at mail-in ballots. I think they’re more susceptible to fraud, potentially, the way it’s set up. Certainly in California with ballot harvesting and so forth. But, as you look forward then, Jordan, do you see a better situation? Are you more confident, more optimistic as you look at the future with more technology, more safety standards and protocols put in place? What do you make of it?
JM: So, I think we’ve made some very strong decisions in the last four years now to help improve election security, but it’s a slow process. It’s not happening overnight. We created the cybersecurity infrastructure and security agency in 2018, but there’s still a lot of things that have to be accomplished as a part of that.
And I think, Homeland Security, the committee and subcommittee on cybersecurity and privacy are moving in the right direction, being led by a lot of the right people, but there are a lot of things that we have to train election officials on. Have to educate, have to put the right equipment in place.
There are problems with even hard ballots and mail-in ballots that need to be approached from a process perspective, but then the technological issues and even the desire for some states to move to electronic voting introduces a whole new level of vulnerability that genuinely we are not prepared for from an election infrastructure perspective yet, and that has to be approached with the right mindset.
And I know a lot of people have asked, “Hey, are we moving to online voting?” and the real answer is, I hope not, because we are not ready, in the election infrastructure to actually do that yet.
SG: And I think we should leave it right there. We are not ready for that, and yet they keep pushing ideas ahead. Jordan Mauriello, CRITICALSTART‘s VP of Managed Security.
Jordan, greatly appreciate your insight in the conversation today.
JM: Thank you, Steve. It was a pleasure to be with you, sir.
In addition to helping doctors provide care, technologists are helping researchers find a vaccine for the coronavirus. White hat hackers are using crowdsourced simulations to understand how the virus behaves. The red team at CRITICALSTART found that the company’s password cracker Cthulhu can be used to run computer simulations that mimic the same complex protein folding that occurs in viruses. By using computational algorithms that simulate protein folding, doctors and healthcare professionals can better understand the virus and potentially identify an effective vaccine. Cthulhu can brute-force all combinations of upper case, lower case, space, number, and symbols from a single character to eight-character passwords iteratively in roughly six hours. Analyzing the molecular makeup of a virus takes similar levels of computing power.
CRITICALSTART is sharing its work with Folding@home. This volunteer effort is a distributed computing project for disease research that simulates protein folding, computational drug design, and other types of molecular dynamics. The project uses the idle resources of personal computers owned by volunteers around the world.
Featured in TechRepublic | March 17, 2020
As organizations find themselves short on budget and talent, security automation that supplements the work of security experts can reduce discovery costs.
It’s no secret: cybercrime is skyrocketing. Security breaches in the last five years grew by 67 percent for public and private sector organizations, according to Accenture and Ponemon Institute’s 2019 “Cost of Cybercrime Study,” with the average cost of cybercrime for an organization increasing from $11.7 million in 2017 to $13 million in 2018—an increase of 12 percent in one year.
Compounding the problem is a global cybersecurity talent shortage, with roughly two million open positions, reports ISACA as part of their State of Cybersecurity 2019 Survey. Organizations find it increasingly difficult to retain qualified cybersecurity professionals, with nearly70 percent reporting their cybersecurity teams are understaffed. Additional insights from the ISACA survey revealed that:
Surprisingly, attacker tactics haven’t changed much in the past 10 years – phishing, malicious files, unpatched vulnerabilities, and privilege escalation are still alive and well. What has changed is the reduction in time from finding a vulnerability to being able to launch an attack using that vulnerability. A robust cybercriminal marketplace allows unsophisticated attackers to quickly launch attacks against organizations. Additionally, the size of the attack surface has exploded, with targets that now include cloud and hybrid infrastructures, IoT and Internet-connected everything, increased connections to Industrial Control Systems (ICS/OT), use of mobile devices, and a higher number of employees working remotely. As a defender, you not only have to protect this larger attack surface but do so with the same IT security budget and smaller cybersecurity talent pool.
The good news is cybersecurity is evolving. Twenty years ago, incident response teams did not have a centralized method for managing security alerts. Then Security Information and Event Management (SIEM) came along, allowing security teams to centralize and prioritize security alerts. Incident orchestration was then bolted on top of a SIEM to reduce investigation time, but that is still a drop in the bucket when most organizations receive over 5,000 security alerts per day.
Whether or not an organization has a Security Operations Center (SOC), it’s critical to ensure proper triage of security alerts and swift response to threats. This takes time and money. Ideally, organizations would have an overarching security strategy driven by a risk-based decision-making process. This approach would fund the resources required to investigate and respond to all security alerts based on risk versus limited headcount.
Instead, most companies are raising alert thresholds, ignoring entire categories of security alerts, and creating artificial incident categories to reduce alert volume. This is not a risk-based decision but an arbitrary headcount decision, in many cases driven by a lack of budget.
Organizations need to optimize their approach to security with one that doesn’t require additional budget or ignoring security alerts, regardless of the alert category. The inability to resolve massive amounts of false positives from security tools is drowning security practitioners.
Security automation can help combat the rising cost of attack discovery,with savings of approximately $2.09 million, according to Accenture/Ponemon, factoring in investment costs. Yet adoption is still relatively low, with just 38 percent of the Accenture/Ponemon respondent sample saying they leverage automation. Automation could begin to address the shortage of skilled security staff by supplementing existing skills and capabilities. Automation that triages generic security alerts frees up time for cybersecurity professionals to invest in the business and focus on the smaller percentage of security alerts that require cybersecurity expertise.
While cybersecurity is slowly moving out of the IT basement into a cross-functional role within the organization, there is still a long way to go. As more organizations invest in security, business leaders need to improve the economic value of their cybersecurity strategies. Discovery costs will continue to escalate as cyberattacks increase. Organizations that take advantage of automation and advanced analytics to supplement the work of security experts, whether in-house or as a service, will help reduce these costs to drive positive bottom-line results.
By Rob Davis | CEO, CRITICALSTART
Featured in SecurityInfoWatch.com | March 9, 2020
A recent survey by computer security firm CRITICALSTART showed 66 percent of Super Tuesday voters said they fear the elections aren’t secure — with many believing one of the campaigns would seek to influence the election and others concerned a foreign power, like Russia, might try to interfere.
Jordan Mauriello, CRITICALSTART Senior Vice President of Managed Security, warned that cyberattacks — like denial of service attacks that seek to slow voting computers and other infrastructure through increased traffic — are simple for attackers to pull off and can be difficult to discern from common technical difficulties or other errors.
“Outside of getting honesty from the people who run the infrastructure, there is no way to tell the difference between a technical issue, a bug, an outage, something that is intentionally being disrupted,” he told UPI.
The survey found almost half of voters said paper ballots would make them more confident in the accuracy of elections — and Mauriello acknowledged electronic voting machines, which print bar codes as a mark of accuracy, can be manipulated.
“There’s no way for a human to really validate that a bar code is accurate, so if somebody were to compromise that system and manipulate what it actually writes on the bar code, people would never know the difference.”
Featured in UPI | March 3, 2020
In an increasingly connected and digital world, no company or industry is safe from the growing threat posed by malicious online actors. How can companies attempt to manage this? Rob Davis of CRITICALSTART provides some advice for businesses.
For many firms, as cyberattacks are increasing in number and sophistication, there are still countless hours wasted in the war to secure data by chasing after false positives. CRITICALSTART’s report “The Impact of Security Alert Overload”, details the challenges false positives are creating for the cybersecurity industry.
By surveying Security Operations Center professionals across enterprises, Managed Security Service Providers, and Managed Detection Response providers, the survey found that 70 percent of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45 percent reported investigating double-digit alerts each day.
Within this, the false-positive rate is 50 percent or higher, meaning valuable time that could be used to strengthen an organization’s security posture is being spent chasing cyber ghosts.
CRITICALSTART founder and CEO Rob Davis tells Digital Journal more about this issue and what businesses can do to address the challenge.
Featured in Digital Journal | February 29, 2020
How many times have you typed in the wrong URL? If you’re like us, it happens a lot — but typing the wrong address in your browser and hitting enter can cost you big time.
We all use sites like YouTube and Google, but now, more than ever, criminals are using fake URLs that look like the real ones to steal our identity and more.
“It’s giving them the ability to redirect the large following that these individuals have to their malicious sites. Then they can spread malware phishing campaigns to capture credentials,” said Quentin Rhoads, director of professional services at CRITICALSTART.
Featured in NBC WPIX Pittsburgh | February 26, 2020
Two-thirds of voting-age adults in Super Tuesday states believe the election is vulnerable to foreign interference, a poll by cybersecurity company CRITICALSTART discovered. While most believe their states are trying to address the problem, about half the respondents said they feel more confident with in-person paper ballots, and those who believe their state is secure are 2.3 times more likely to say they would vote on Super Tuesday. Tennessee voters were the most confident, while California and Texas voters were the least.
Featured in Politico Morning Cybersecurity | February 27, 2020
New Survey: 66% of Super Tuesday Voters Fear Elections Aren’t Secure
With less than one week to go before voters in 13 states cast their Presidential Primary Ballots, two-thirds of voting-age adults in Super Tuesday states do not believe their state’s election is secure from hacking or other technological threats. 44% believe one of the campaigns would be responsible for an election hack, while 37% say a foreign government would be the most likely culprit. Other key findings from the survey include:
The survey was conducted on February 24, 2020 and included 1,067 respondents across all 13 Super Tuesday states.
A data breach is an incident in which a victim’s sensitive information is accessed without permission.
According to a recent article by FOX Business, the main causes of data breaches are the lack of employee cybersecurity training, the tendency for vulnerable users’ to click on malicious links, unsecured and out-of-date company computer networks, and weak passwords without multifactor authentication.
Jordan Mauriello, SVP of Managed Security at CRITICALSTART, shared his thoughts on the challenges facing cybersecurity and the benefit of utilizing additional security tools to strengthen your networks.
“Good, basic security hygiene is still a key to good defense,” Mauriello said. “Proper password policies and removal of local administrator accounts. Implementation of proper network segmentation. Good patch management and remediation process.”
“However, for many organizations, this is still not enough to prevent all of these threats and organizations must look beyond traditional controls and onto next-generation technologies to help detect and prevent these kinds of attacks and the associated business impacts they can have,” he said
Featured in Fox Business | February 25, 2020
CRITICALSTART CEO, Rob Davis, discusses the security of digital versus paper voting in the 2020 elections in his February 16th interview with FOX5 News – KVVU.
Full Video Transcripts:
They are reminding people there are three more days to vote ahead of the caucus and the Dems says that, so far, over 11,800 people took part in the early vote. Now, we won’t see results from early voting until the 22nd, which is the day of the caucus itself. The party says they’ll be using a “caucus calculator” on digital devices and a phone hotline to figure out the results. We’re told that only precinct chairs will use the calculator.
This week, we talked to the CEO of CRITICALSTART, a company that helps identify potential cyberthreats. The man we talked to maintains that digital voting can be just as secure as paper voting, as long as it’s planned out correctly. If there’s not enough planning though, either method can lead to inaccurate results.
“Using a Google app, it can be secure, but what we don’t know is: say you are using a Google app, how are people getting access to it? How are they authenticating? To me, the concern I would have is this seems rushed again in an attempt to do something. So I’ll be curious to how that goes out.” – Rob Davis, CEO of CRITICALSTART
FRANK FM – New Hampshire interview with Rob Davis, CEO of CRITICALSTART
Aired February 17, 2020
Cryptojacking is so 2019. Ransomware is reemerging as the top cybercrime of choice, with attacks expected to increase in 2020.
The pivot back to ransomware can largely be attributed to the attacker’s ability to contextualize the malware and weaponize it in targeted attacks. These enhanced capabilities are exacerbated by the ease of access through ransomware as a service, which enables script kiddies to launch formidable attacks.
As predicted in a blog I published back in 2016, ransomware campaigns are evolving to target specific organizations and leverage context to drive demands. As seen in the highly publicized ransomware attacks against various Texas government agencies, attackers are targeting organizations such as state and local government offices, healthcare facilities, financial services, and others.
Based on contextual knowledge of what data and assets they have encrypted, they use that information to make their demands context-sensitive. Hackers who encrypt basic corporate documents charge a lesser rate, but when they have county tax records or patient health records, the ransom goes up. A more recent attack targeted currency exchange company Travelex. The cyberattackers demanded a $3 million ransom while encrypting customer data and disrupting business operations.
Evolutions of ransomware have seen not just the encryption of information, but also exfiltration, presenting both business disruption and potential disclosure of PCI or PII data, or IP theft. Gaining in popularity, the Maze ransomware is growing its business of leaking parts of exfiltrated data, ultimately leading to full disclosure if a ransom isn’t paid.
Given these challenges, what can be done to protect against these attacks? Looking at the attack kill chain, we can identify potential points for disruption:
Delivery
Installation
If all else fails…
With the ease and effectiveness of ransomware attacks, don’t expect attackers to abandon what works. Variants of ransomware number in the thousands, with modifications in the exploit, effect or lateral movement capabilities. Advancements in toolkits for ransomware now allow for drag-and-drop customization, with point-and-click delivery on a fully hosted cryptocurrency payment system. While these threats continue to evolve, the best defense is a look back to the foundation of security.
By Randy Watkins | CTO, CRITICALSTART
Featured in Forbes | February 11, 2020
The Life of Data, the fuel for AI: Security
Recent surveys, studies, forecasts and other quantitative assessments of the progress of AI highlight anxiety about AI eliminating jobs, the competition for AI talent, questions about employees AI preparedness, and data quality, literacy, privacy, and security.
70% of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45% reported investigating double-digit alerts each day; survey respondents report a false-positive rate of 50% or higher; 78% said it takes more than 10 minutes to investigate each alert, a significant increase from 64% who said the same in 2018; 41% believe their primary responsibility is to analyze and remediate threats, opting instead to reduce investigation times and alert volumes, a dramatic decrease from 70% in 2018 [CRITICALSTART survey of more than 50 Security Operations Center (SOC) professionals]
Forbes Contributor, Gil Press, outlined the recent cybersecurity industry trends and statistics in his recent article. Read more to see how CRITICALSTART‘s 2019 Impact of Security Alert Overload survey report factored into his findings.
READ MORE
Featured in Forbes | January 30, 2020
How can enterprises and IT professionals combat the increasing IT security threats without feeling burnt out?
With the number of security attacks that enterprises are facing, it’s no wonder why some IT security professionals are feeling burnt out. In addition to an overall increase in attacks, dealing with security alerts require lengthy investigations. This is further compounded by the advent of the GDPR in Europe and CCPA in California, which imposes substantial fines on enterprises that don’t abide by security and privacy regulations.
In a report titled “The Impact of Security Alert Overload,” Critical Start spells out just how bad the situation is. The report was developed from surveying 50 security operations centers (SOC) in Q2 2019. The report concludes that “SOC analysts continue to face an overwhelming number of alerts each day.” The report also found that it’s taking longer to investigate and resolve security issues raised by alerts.
No Jitter Contributor, Gary Audin, outlines the recent cybersecurity industry trends and statistics in his recent article.
Featured in No Jitter | January 24, 2020
Hackers linked to Iran are probing American companies for vulnerabilities, cybersecurity researchers and U.S. government officials say.
The warnings suggest that the next phase of hostilities between the U.S. and Iran, following the Jan. 3 killing of a top Iranian general in an American drone strike, is likely to play out in cyberspace.
The Iranian regime is accused of being behind some high-profile online operations against American targets in recent years.
“Right now what we’re seeing instead is a huge increase in reconnaissance activity,” Jordan Mauriello, SVP of Managed Security at CRITICALSTART, said in an interview with NPR. “Specifically looking for potentially vulnerable servers, data gathering. …They’re kind of preparing the battle plan in the cyberspace.”
Featured in NPR | January 21, 2020
As the shortage of security professionals grows, most organizations struggle to attract and retain the talent necessary to mitigate risk. Though analysis efficiency in investigating security alerts is improving with automation advancements, organizations still face an overwhelming number of false positives generated by activity that is not malicious.
When managing false positives, there are three primary methods traditionally used:
The resource-oriented approach isn’t an option for most organizations due to the high cost and long implementation timelines. Those who have the budget will face the challenge of finding talented analysts and avoiding turnover.
Input-oriented and priority-oriented are both methods of controlling false positives by accepting unquantified risk. Modifying inputs and correlation logic to lessen false positives may prove effective but introduces the risk of missing malicious activity (false negative). Reducing the number of security alerts by ignoring lower-priority alerts or modifying a security product’s alert thresholds doesn’t reduce false positives enough to justify the risk of missing cybersecurity attacks. To address the shortcomings of resource-oriented and input-oriented false positive management, the priority-oriented approach remains prominent and is delivered as a feature by most security products.
Focusing resources on critical alerts at first seems intuitive. However, most security products lack the business context necessary to assign criticality. While some security products integrate with knowledge sources like asset lists and Active Directory to contextualize alert subjects, there is not a scalable way to provide context to the activity generating the alert. The priority-oriented approach accepts risk by ignoring lower-priority alerts that are never resolved. While this decision may have been made by the organization to reduce the number of alerts, it is unlikely diligence was performed to quantify the risk involved. As highlighted by the Target breach, even less “exciting” alerts determined to “not warrant immediate follow up” can lead to a significant breach.
Resolving alerts without accepting risk requires resolving every alert without crippling the effectiveness of security tools by changing alert thresholds or ignoring security events. Because none of the methods of managing false positives above will result in a no-accepted-risk outcome, three principals must be adopted:
The concept of “unprioritizing” is a unique challenge. Prioritization itself isn’t the problem; rather, it’s how prioritization is applied.
By aggregating every alert with the same priority, every alert must be resolved in the order of arrival. During triage, analysts with knowledge of the business and its processes provide the required context for proper prioritization.
Until this context is added, the intent of the alert’s action is unknown. Machine learning (ML) and artificial intelligence (AI) claim to provide value during this step, detecting anomalous user activity, but anomalous does not mean malicious.
Additionally, ML and AI typically rely on cumulative risk scoring, requiring actions to meet a specified level of anomalous activity before triggering a detection, adding the risk of missed detections when malicious behavior doesn’t meet that threshold.
ML and AI may also exacerbate the problem of false positives with environment changes like new domain administrators or employees changing roles. ML and AI increase detection capabilities, but those detections also require triage by analysts.
Though an approach to resolve every alert regardless of priority requires a large initial investment, it does scale over time. Resolving every alert represents the only solution to manage security alerts without accepting unnecessary risk. While risk acceptance is a business decision, previous methods of false-positive reduction fail to present a reasonable alternative that detects attacks before a breach occurs. Resolving every alert provides an alternative to legacy approaches and moves the conversation to reasonable risk acceptance focused on stopping breaches versus controlling budgets.
By Randy Watkins | CTO, CRITICALSTART
Featured in Forbes | January 17, 2020
Automation is helpful in reducing the time to investigate alerts.
Cybersecurity providers are being bombarded with alerts, many of which turn out to be false positives, creating challenges for the industry.
That’s according to CRITICALSTART‘s latest report, The Impact of Security Alert Overload. MSSPs, Managed Detection and Response (MDR) providers and Security Operations Center (SOC) professionals were surveyed for the report.
CRITICALSTART found that 70% of cybersecurity professionals investigate more than 10 security alerts daily, a marked increase from 2018 when just 45% reported investigating double-digit alerts each day. And respondents reported a false-positive rate of 50% or higher, meaning valuable time that could be used to strengthen an organization’s security posture is being spent chasing cyber ghosts.
Featured in Channel Futures | January 16, 2020
Cyberattacks, already seen as the top risk of doing business by executives, are likely to receive renewed attention — and spending — as tensions between the U.S. and Iran escalate.
Last weekend, a group claiming to be Iranian hackers defaced a federal government library website with a violent image depicting President Donald Trump. The White House and FBI haven’t confirmed or commented on the library hack, but if it is Iran’s work, it’s only a hint of what Iranian’s cyber army is capable of.
In a terror alert following the Soleimani strike, the Department of Homeland Security warned of Iran’s long history in cybercrime and ability to target critical infrastructure.
“In today’s cyber threat landscape, it’s not just the military-industrial and defense industries that have a legitimate reason to be concerned about cyber terrorism and state-sponsored cyber attacks. Attacks from state-sponsored sources have significantly increased over the past few years for businesses, too,” Jordan Mauriello, SVP of Managed Security at cybersecurity firm CRITICALSTART told CNBC in an email.
“From financial services and healthcare to even retail services, targeted attacks against any number of organizations could occur in an attempt to disrupt the U.S. economy,” Mauriello said.
Featured in CNBC | January 7, 2020
Technology is ever-changing, and it’s important for every business to keep up with new gadgets and trends. That’s why many businesses look to their chief technology officers for guidance on creating a tech strategy that serves their company.
When hiring a CTO for your business, you’ll want to look for someone with the right knowledge and experience to get the job done. CRITICALSTART‘s Randy Watkins joins his fellow Forbes Technology Council members to weigh in on what questions you should ask when interviewing candidates.
“When interviewing candidates for any technical position, I drill them on their sources of information and updates. I’ll ask them to explain the last interesting article they read to understand the effort they put into maintaining knowledge relevance,” said Watkins.
Featured in Forbes | January 6, 2020
With an exclusively remote tech team, there may be fewer opportunities for team building. However, with a bit of extra effort, it’s possible to build extraordinary camaraderie within a remote group. Forbes Technology Council surveyed Randy Watkins, CTO for CRITICALSTART, and 13 other council members for their best tips for tech executives looking to build a strong team culture among their remote staff.
“Communication is essential for teams to perform whether they’re local or remote, but keeping a remote resource engaged goes beyond better communication,” said Watkins. “The camaraderie built with internal teams comes from personal connections built over time. I try to make that something that remote resources experience by sending small trinkets of interest and inclusion.”
Featured in Forbes | December 19, 2019
The endpoint security market has evolved over the last decade from a “one agent to rule them all” approach, to “best of breed,” to today’s “Platformula” model. The evolution of endpoint security companies has driven innovation in machine learning (ML), user and entity behavior analytics (UEBA), root-cause analysis (RCA), and managed detection and response (MDR). Numbering at times in the dozens, this highly commoditized space is a constant target for merger and acquisition, expansion of legacy antivirus suites and VC-backed startup companies to take a piece of the near-$20 billion market opportunity.
With so much attention from endpoint security manufacturers — and the frequency of change — it can be difficult for organizations to choose the best product to fit their business requirements. While most organizations build out a requirement matrix for a proof of concept, it’s not always feasible to evaluate those requirements against every player in the space.
Randy Wakins, CTO of CRITICALSTART and Forbes Technical Council member, shares his thoughts on how to get the most out of your endpoint security solution evaluations and the importance of understanding what goes into vendor comparison before making a technology investment.
Featured in Forbes | December 12, 2019
Critical Start CTO, Randy Watkins, was recently tapped for membership in the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs, and technology executives.
Watkins was selected by a review committee based on the depth and diversity of his experience. Criteria for acceptance include a track record of successfully impacting business growth metrics, as well as personal and professional achievements and honors.
“We are honored to welcome Randy into the community,” said Scott Gerber, founder of Forbes Councils, the collective that includes Forbes Technology Council. “Our mission with Forbes Councils is to bring together proven leaders from every industry, creating a curated, social capital-driven network that helps every member grow professionally and make an even greater impact on the business world.”
“I’m honored to join this exclusive group of technology executives to offer my expertise as a resource to the rest of the council,” said Watkins. “My participation will help CRITICALSTART further cement our leadership role in cybersecurity, a growing challenge facing every organization today.”
Forbes Councils is a collective of invitation-only communities created in partnership with Forbes and the expert community builders who founded the Young Entrepreneur Council (YEC). In Forbes Councils, exceptional business owners and leaders come together with the people and resources that can help them thrive.
November 27, 2019
Breaches are increasing – a proactive approach to data protection can help you safeguard your organization’s data.
2019 has not been a good year for healthcare data. HIPAA’s Healthcare Data Breach Report, says the first six months of the year saw 9,652,575 Americans exposed to breaches. Factoring in the American Medical Collection Agency data breach (24.4 million patient records exposed in a June breach) – 2019 could see more breaches in one year than the previous three years combined.
Despite this, healthcare organizations can take proactive steps to protect their data. Callie Guenther, CYBERSOC Data Scientist at CRITICALSTART, outlines the challenges healthcare organizations face and the proactive steps they can take to help stave off a breach.
Featured in Health IT Outcomes | November 8, 2019
“Security is really the art of handling risk” – Randy Watkins, CTO of CRITICALSTART.
It’s clear that managed security services providers (MSSPs) have a ripe opportunity to step into the gap and help small-to-medium-sized businesses (SMBs) and small-to-medium-sized enterprises (SMEs) meet the daunting challenge of preserving the privacy and security of sensitive data.
CRITICALSTART is making some hay in this space — by striving to extend the roles traditionally played by MSSPs. The company has coined the phrase managed detection and response, or MDR, to more precisely convey the type of help it brings to the table.
Recently our CTO, Randy Watkins, spoke to Byron Acohido of The Last Watchdog about the difference between ‘risk-oriented’ versus ‘controlled-based’ security and how quantifying risks is the first step to defending network breaches.
Read Acohido’s blog and listen to the full podcast interview
The Last Watchdog | October 4, 2019
Ransomware attacks are not going away. Security researchers have repeatedly warned the public sector about their data vulnerabilities. Yet they continue to get hammered by cyberattacks launched by hackers demanding ransom for their hijacked systems.
Callie Guenther, CYBERSOC Data Scientist for CRITICALSTART, outlines the step organizations can take to help stave off an attack, protect vital data in the process, and potentially save organizations millions of dollars.
Featured in Government Computer News (GCN) | September 20, 2019
Featured in American City&County | September 18, 2019
The subject of password strength and complexity requirements has been discussed and debated ad nauseam in the security industry. It’s a subject as old as information security and will not be going away any time soon.
Cory Mathews, Offensive Security Technical Lead for CRITICALSTART‘s TEAMARES, outlines the importance of proper password management and the steps you can take to increase your security against potential malicious actors.
Featured in infoTECH | September 13, 2019
Artificial intelligence (AI) and machine learning (ML) are being heralded as a way to solve a wide range of problems in different industries and applications, such as reducing street traffic, improving online shopping, making life easier with voice-activated digital assistants, and more.
Jordan Mauriello, Senior Vice President of Managed Services at CRITICALSTART, discusses the real value that artificial intelligence and machine learning play in the cybersecurity process, versus the value that humans bring.
Featured in Security Magazine | September 5, 2019
With the evolution of cybersecurity over the last decade, it’s easy to forget what security is; the art of dealing with risk. The flood of funding into the space has created a host of marketing buzzwords that pollute the board room and pull the attention from the “why?” of security. What is the reason cybersecurity exists? What is the problem we’re trying to solve?
Randy Watkins, Chief Technology Officer at CRITICALSTART, discusses common risky decisions and the steps organizations can take to assess and address those risks.
Featured in CPO Magazine | August 15, 2019
Adoption of zero-trust and micro-segmentation as core design principles can help improve the security posture of your network and the attached systems. However, it is important to understand how we got to our current state to understand how these principles can help us.
Chris Yates, Senior Security Architect at CRITICALSTART, discusses the keys to adoption and how to move past two of the core challenges organizations face.
Featured in Security Boulevard | August 7, 2019
Enterprise CIOs, CSOs, and VPs of security need business outcomes and a positive ROI from their MSSP. One way to achieve this level of trust is with radical transparency with zero trust, as it gives in-house security teams the ability to view details around their security events, triage decisions and analyst notes to help them better operate and secure their business.
Jordan Mauriello, Senior Vice President of Managed Security at CRITICALSTART, explains that while this approach might be “new” and “radical” now, it is quickly becoming the industry standard demanded by enterprise organizations seeking MSSPs.
Featured in Infosecurity | July 17, 2019
A Plano cybersecurity firm will open offices in Los Angeles and New York in a national expansion fueled by its first outside investment.
CRITICALSTART said it’s raised $40 million from New York private equity firm Sagemount to accelerate its expansion. The company’s software detects and investigates computer security alerts.
It’s the latest Dallas-Fort Worth technology company to score a sizeable private investment this year. Earlier this week, Plano digital banking firm Alkami raised $55 million to continue its growth.
“As an employee-owned company, CRITICALSTART was looking for a capital partner that understood the market opportunity and valued our culture and focus,” CEO Rob Davis said in a statement Wednesday. “Sagemount proved to be the perfect fit.”
Sagemount partner Michael Kosty described CRITICALSTART as a profitable company that was “successfully attacking the market … on its own but sought to accelerate product development and partnership opportunities.”
Featured in The Dallas Morning News | June 13, 2019
Critical Start, a Top 100 MSSP with managed detection and response (MDR) cybersecurity services, has raised $40 million to expand nationwide across the United States. The funding involves a minority investment from Sagemount, a growth equity firm.
Among the Plano, Texas-based company’s latest moves: Opening field service offices in New York City and Los Angeles, California to support enterprise customers and channel partners.
Featured in MSSP Alert | June 12, 2019
The U.S. Customs and Border Protection said this week that travelers’ images and personal data such as driver’s license info were compromised in a breach. While the threat of identity theft is very real, the real-world implications of one or more data breaches like this one will likely far exceed this expectation.
“It does no good to have people well-trained in the technical aspects of security if they forget that their clients are real, feeling people who are fearful in a world of the unknown,” said Callie Guenther, cybersecurity expert at CRITICALSTART.
Featured in Channel Futures | June 12, 2019
Critical Start is looking beyond itself to fuel fresh growth.
The Plano cybersecurity company raised $40 million in its first outside investment, it said in a statement on Wednesday.
The funding will help the company bolster its sales and marketing in North America and potentially Europe, according to Rob Davis, Critical Start’s chief executive. In addition, there will be hiring on its software development team. The company got a valuation of $150 million, he said.
Featured in Dallas Business Journal | June 12, 2019
Nearly two years after the Equifax breach, the fallout is far from over. As detailed in the 96-page Senate Committee on Investigations report, serious flaws in the financial systems’ consumer data security framework were exposed. Sen. Elizabeth Warren (D-Mass.), a vocal critic of Wall Street and its many entities, echoes the Reuters report, stating that Equifax “failed to implement an adequate security program to protect this sensitive data, and as a result, Equifax allowed one of the largest data breaches in U.S. history.”
Callie Guenther, CYBERSOC Data Scientist for CRITICALSTART, discusses the serious flaws in the financial systems’ consumer data security framework and the impact of such an event.
Featured in Credit Union Times | June 10, 2019
The role of data in today’s business world cannot be overstated. Competitive intelligence is inextricably linked to the speed at which valuable data can be consumed and analyzed to yield important business insights. While the artificial intelligence and machine learning industry are on an upward trajectory, limiting factors such as data storage and networking bottlenecks must be addressed to assure the maximum benefit from these technologies.
Callie Guenther, CYBERSOC Data Scientist at CRITICALSTART, outlines the importance of fully optimized storage solutions for AI and ML training and understanding the connection between your data and the problem you are striving to resolve.
Featured in Information Management | May 6, 2019
You’ve purchased a next-generation firewall. You understand the why, but how do you make the most of your investment? What’s next?
When it comes to next-generation firewall technology, determining the best implementation methodology can be a bit daunting, from trying to determine which features to enable first or how to enable new capabilities without impacting users or critical business functions.
Chris Yates, Senior Security Architect for CRITICALSTART, offers his step-by-step approach on how to minimize the impact on end-users and critical business processes, while drastically improving the security posture of your network, providing increased visibility and enforcement capability.
Featured in TCMnet InfoTech Spotlight | May 30, 2019
In an era of fake news and constant misinformation, Facebook/Instagram/WhatsApp hoaxes have become a prime vector for malicious actors to take information from users who are willingly handing it over in the hopes of gaining goods or services in return. Gone are the days of the Nigerian Prince emails, welcome to the new age of social engineering.
Moez Janmohammad, a cybersecurity engineer at CRITICALSTART, discusses how to protect your organization given the evolving sophistication of cybercriminals.
Featured in Retail IT Insights | May 2, 2019
Industry’s only Zero-Trust Analytics Platform with full transparency and MOBILESOC app now integrated with Palo Alto Networks cloud-based endpoint security, and detection and response service
Plano, TX – February 27, 2019 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced it has integrated Palo Alto Networks Traps Management Service as part of the advanced technology stack of its Managed Detection and Response (MDR) service. Palo Alto Networks Traps Management Service stops threats on the endpoint and coordinates enforcement with cloud and network security to prevent successful cyber attacks.
Palo Alto Networks recently introduced Cortex, the industry’s only open and integrated AI-based continuous security platform. CRITICALSTART will host managed services for Cortex, starting with Cortex XDR, the first-of-its-kind detection, investigation and response product that natively integrates network, endpoint and cloud data to stop sophisticated attacks.
CRITICALSTART will improve the visibility and contextual view of critical events in the organization through the addition of Palo Alto Networks Traps and Cortex XDR data as part of their Zero-Trust Analytics Platform (ZTAP). This offering dramatically reduces alerts by 99% to enable CRITICALSTART’s CYBERSOC analysts to focus only on unknown events using high-fidelity information all while ensuring customers have complete transparency into the MDR alerts, responses and actions.
“As we continue to extend our collaboration with Palo Alto Networks, the integration of Traps and Cortex XDR with our MDR service provides the ideal zero-trust defense for enterprises facing a dramatic increase in malware, exploits, ransomware, and other endpoint attacks,” said Rob Davis, CEO at CRITICALSTART. “As we expand our MDR technology stack and differentiate through our ZTAP, customer transparency, and mobile-first workflow, we’ve seen the resulting impact on our business as our MDR service has grown nearly 300% in the past year.”
“Palo Alto Networks Cortex XDR, in combination with managed security services from partners, like CRITICALSTART, delivers round-the-clock monitoring, analysis and coordinated response across network, endpoint and cloud environments to secure our customers’ most critical assets,” said Karl Soderlund, SVP, Worldwide Channel Sales. “Our collaboration will provide more holistic security outcomes delivered through an even simpler managed model.”
A trusted cybersecurity partner to hundreds of enterprise and mid-sized customers across a variety of industries, CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and Zero-Trust MDR services to help customers achieve a mature security posture that meets their specific needs. CRITICALSTART’s CYBERSOC, expert security analysts and Zero-Trust Analytics Platform (ZTAP) allows the company to provide MDR services delivered in a transparent process using a mobile-first approach through the company’s MOBILESOC app, untethering security personnel from their desktops.
CRITICALSTART’s MDR service with Traps is available now to customers. The company will be rolling out Cortex XDR functionality in the near future.
About CRITICALSTART
CRITICALSTART is leading the way in Managed Detection and Response. Our mission is simple: protect our customers’ brand while reducing their risk. We do this for organizations of all sizes through our award-winning portfolio, from the delivery of managed security services to security-readiness assessments using our proven framework, the Defendable Network, professional services, and product fulfillment. CRITICALSTART has achieved the Service Organization Control (SOC) 2 Type II compliance certification and was recently named a CRN® 2018 Triple Crown Winner. Visit www.criticalstart.com for more information.
Automated and audited process integrated into the MDR provider’s Zero-Trust Analytics Platform ensures the quality and consistency of security alert analysis in full view for customers
Plano, TX – February 7, 2019 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced SOCReview™, the world’s first automated and audited process for measuring the subjective nature of security alert analysis. Committed to full transparency for its Managed Detection and Response (MDR) service, CRITICALSTART’s SOCReview takes it to the next step in “radical transparency” by integrating quality control and two-person integrity directly into the Zero-Trust Analytics Platform (ZTAP) that powers the company’s MDR services for hundreds of enterprise and mid-sized customers.
Historically, Managed Security Services Providers (MSSPs) have touted policies or service level agreements around forwarding security events to customers in less than five minutes. In a cybersecurity market overrun with alerts and a shortage of qualified staff, forwarding events does not deliver the real value of careful investigation and simply shifts the analysis burden to customers. MDR services replace the legacy MSSP approach by investigating security events and providing the analysis needed to properly respond. However, real analysis is subjective, requires human judgment and takes time, raising questions for customers about their quality and efficacy if hidden behind the typical “black box” MDR approach.
CRITICALSTART is the only MDR provider that recognizes the importance – and subjective nature – of human analysis and created SOCReview to add a layer of quality assurance with full customer transparency. Based on machine learning technology, SOCReview samples a subset of alerts for review and scoring based on the quality and completeness of the investigation and then automatically adjusts the number of alerts reviewed per analyst based on their ongoing analysis scores. In addition, all automation playbooks created or modified to eliminate false positives require a second analyst to conduct an audited review that is available to our customers.
“One of our founding principles is that customers come first, so SOCReview is another example of our ‘radical transparency.’ We provide MDR customers access to everything we do, so they can verify the high quality of our services,” said Rob Davis, CEO at CRITICALSTART. “As a high-growth, independent MDR, we are not beholden to outside investors or boards and can take the time to invest in our SOC personnel, SOC technology automation, and continuous DevOps improvements that add value and make our customers more secure.”
CRITICALSTART makes significant investments in its SOC team to maintain the industry’s highest level of expert security analysis and recommendations. Each of the company’s SOC analysts receives 160 hours of training before they ever work in a customer’s environment as well as 40 to 80 hours of additional training each year. As a result, CRITICALSTART’s MDR service grew more than 300% last year and maintains a 99% customer retention rate.
CRITICALSTART is the fastest growing MDR service in North America, and we are expanding our service offerings and integrations with new technologies that increase our capabilities for our customers.
CRITICALSTART has partnered with Microsoft to build a strong integration between Windows Defender ATP and our ZTAP Security Orchestration Automation and Response MDR service. WDATP solution provides excellent visibility to the endpoint, strong response capabilities for analysts, and advanced hunting features. We are currently at a point where we are validating our final phase of development and ensuring that we deliver our expected high-quality service for production customers.
We are asking for YOUR help! We need up to three beta customers who currently have Microsoft Defender ATP deployed as a part of their current production environment and using the Security Center. We will provide configuration and policy assistance at no cost. The beta includes access to our MOBILESOC application that allows you to triage WDATP events, kick off scans, and isolate endpoints directly from our native iOS and Android applications. We will provide free MDR SOC services for three months to the customers involved in this beta. Our MDR service includes 24×7 monitoring from the CRITICALSTART CYBERSOC based in Plano, TX, where our top-tier analysts will provide monitoring services for all of your Defender ATP events and incidents for the entire beta.
This offering is limited to the first three customers who reply depending on the size of the environment and the fit for the testing.
Plano, TX – December 4, 2018 – CRITICALSTART, today announced it has become a Palo Alto Networks® NextWave Diamond Channel Partner. CRITICALSTART joins a select group of channel partners who have met the Diamond Partner performance, capabilities and business requirements of the Palo Alto Networks NextWave Channel Partner Program.
“CRITICALSTART invested in technical resources to deliver professional services and assist pre-sales architecture and design around Palo Alto Networks continuously evolving and innovative portfolio,” said Rob Davis, CEO at CRITICALSTART. “The strategic alignment between CRITICALSTART and Palo Alto Networks provides customer value by combining our holistic approach to security program design with their best-of-breed offerings to create a strong security posture to defend against new and emerging threats.”
“As the cybersecurity industry evolves, our NextWave partners play a vital role in helping our mutual customers implement the products they need to prevent successful cyberattacks,” said Karl Soderlund, senior vice president of Worldwide Channels at Palo Alto Networks. “As a NextWave Diamond Partner, CRITICALSTART has the proven expertise to deliver, manage and integrate with our Security Operating Platform to make threat prevention a reality.”
The NextWave Channel Partner Program provides partners with the pre-sales, sales and post-sales capabilities to successfully deliver and install the Palo Alto Networks Security Operating Platform, which empowers customers to confidently automate threat identification and policy enforcement across cloud, network, and endpoints. These capabilities are instrumental in ensuring the optimal customer experience. As such, partners’ achievements in the program are proactively monitored and annually assessed.
To learn more about CRITICALSTART, visit: criticalstart.com
About CRITICALSTART
CRITICALSTART is leading the way in Managed Detection and Response. Our mission is simple: protect our customers’ brand while reducing their risk. We do this for organizations of all sizes through our award-winning portfolio, from the delivery of managed security services to security-readiness assessments using our proven framework, the Defendable Network, professional services, and product fulfillment. CRITICALSTART has achieved the Service Organization Control (SOC) 2 Type II compliance certification and was recently named a CRN® 2018 Triple Crown Winner.
###
Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
List Recognizes the Fastest-Growing Aggie-Owned Businesses in 2018
Plano, TX – November 13, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced that it has been selected by the Texas A&M Mays Business School’s McFerrin Center for Entrepreneurship for the 14th Annual Aggie 100 list. The honorees were announced on Friday, November 9th during a private, invitation-only awards ceremony at the Hall of Champions at Texas A&M University. Rob Davis ‘90, CEO, and Tera Davis ‘94, Managing Director, are both graduates of Texas A&M University and attended the ceremony to accept the award for CRITICALSTART.
The Aggie 100 program identifies, recognizes, and celebrates the 100 fastest-growing Aggie-owned or operated businesses throughout the world. To be considered for the Aggie 100, companies (corporations, partnerships, sole proprietorships) must meet specific criteria and operate in a manner consistent with the values and image of Texas A&M University.
“As an alum, being honored on the Aggie 100 list is especially rewarding and reflects a year of strong growth and achievement at CRITICALSTART, and I would like to thank our customers for their support and our employees for their commitment and effort,” said Rob Davis. “The knowledge, skills, and experience we acquired at Texas A&M laid the foundation for the success of CRITICALSTART since its inception in 2012. Tera and I are honored to be a part of the Aggie 100.”
“The amazing companies on the Aggie 100 list demonstrate the strong technology, engineering and entrepreneurial programs and culture that Texas A&M fosters,” added Tera Davis. “In fact, we regularly recruit and hire Texas A&M graduates based on their ability to immediately make an impact in helping to continue growing CRITICALSTART’s business.”
CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and Managed Detection and Response (MDR) services, making it well positioned to protect important data and customer brands. The company increased year-over-year (YoY) revenue by 87 percent in the first seven months of 2018, and its MDR business has grown 300 percent YTD in 2018 when compared to all of 2017.
A complete Aggie 100 list can be viewed at www.aggie100.com.
Randy Watkins to Lead Strategic Technology Initiatives for Fast-Growing Leader in MDR Services, Cybersecurity Solutions, and Threat Intelligence
Plano, TX – November 9, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced it has appointed Randy Watkins as Chief Technology Officer (CTO), effective immediately. In this role, Watkins will be responsible for designing and executing the company’s strategic technology initiatives, which includes defining the strategy and direction of CRITICALSTART’s Managed Detection and Response (MDR) services delivered by the Zero-Trust Analytics Platform (ZTAP).
Previously, Watkins served as CRITICALSTART’s Director of Security Architecture, where he set the strategy for emerging vendor technologies, created the Defendable Network reference architecture, and set product direction for the company’s internally-developed Security Orchestration Automation and Response platform. Watkins was employee number five when he joined CRITICALSTART in 2012.
Watkins is a respected author and speaker on cybersecurity trends and is well-versed in applying security technologies, in practical and meaningful ways, to improve vulnerability management and security infrastructure for enterprise customers. He holds numerous security certifications in data analysis, data science, computer science, and leadership. Watkins earned a bachelor’s degree in Information Systems Security and an associate degree in Computer Networking Systems, both from ITT Technical Institute.
“Randy has excelled in every position since starting at the company,” said Rob Davis, CEO at CRITICALSTART. “He has keen insight into the functionality required by solution offerings to deliver customer value. His new focus will speed the development of features and integrations required to support the fastest growing MDR service in North America.”
CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and MDR services, making it well positioned to protect important data and customer brands. The company increased year-over-year (YoY) revenue 87 percent in the first seven months of 2018, and its MDR business has grown 300 percent YTD in 2018 when compared to all of 2017.
Fifth Annual Award Program Recognizes Standout Solution Providers
Plano, TX – October 10, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced that CRN®, a brand of The Channel Company, has recognized CRITICALSTART for earning its 2018 Triple Crown Award. This year 46 solution providers in North America reached the qualifying revenue, growth, and technical expertise to be named on three of CRN’s prestigious solution provider lists, earning them the Triple Crown Award this year.
Each year CRN announces lists and rankings to distinguish solution providers who are outshining their peers in the IT channel. It is a great accomplishment for a solution provider to make any one of these lists; so being named in three, as this year’s Triple Crown winners have been, deserves special acknowledgment. This year’s CRN Triple Crown Award winners rank among the largest IT solution providers by revenue in North America on the Solution Provider 500 list; are among the fastest growing organizations in the channel today on the Fast Growth 150 list; and have made the Tech Elite 250 list by receiving the highest level certifications from leading vendors.
CRITICALSTART was selected based on its growth over the past year and its commitment to serving partners, as mid-market and enterprise organizations continue to look for more assistance to combat today’s complex and rapidly growing security threats. The company offers channel partners Managed Detection & Response (MDR) services based on innovative technology featuring a mobile-first, Zero-Trust security analytics platform delivered in a completely transparent process. And, the CRITICALSTART MOBILESOC app allows users to investigate, escalate, comment on, respond to, and remediate security incidents. The company recently announced that it increased year-over-year (YoY) revenue by 87% in the first seven months of 2018, and opened a new facility to support current and future growth.
“Earning the Triple Crown Award from CRN symbolizes a year of growth and achievement at CRITICALSTART, and this success is due to the dedication and commitment of our employees to deliver excellent service and support for our partners,” said Rob Davis, CEO at CRITICALSTART. “Being recognized on three different award lists from CRN demonstrates our commitment to customer service, technical innovation and building a strong business.”
“Each Triple Crown award-winner has simultaneously generated high enough revenue to be ranked on the Solution Provider 500 List, achieved double- or triple-digit revenue growth for recognition on the Fast Growth 150, and devoted significant time and effort to top certifications to attain Tech Elite 250 status,” said Bob Skelley, CEO of The Channel Company. “Congratulations to each one of these high-achieving companies who continue to raise the bar for success in the IT Channel.”
The 2018 Triple Crown Award winners will be featured in the October issue of CRN and can be viewed online at www.crn.com/triplecrown.
Tweet This: @TheChannelCo honors @CriticalStart with @CRN Triple Crown Award #CRNTripleCrown crn.com/triplecrown
Certification Validates CRITICALSTART’s Adherence to Higher Industry Security Standards for a Service Organization
Plano, TX – September 20, 2018 – CRITICALSTART, a leading provider of cybersecurity solutions, today announced it has achieved the Service Organization Control (SOC) 2 Type II compliance certification, confirming the company’s commitment to security best practices based on the standards defined by the American Institute of Certified Professional Accountants (AICPA).
CyberGuard Compliance, an independent, third-party auditing firm, verified CRITICALSTART’s process and controls met the Trust Services Criteria for security, availability, processing integrity, confidentiality, and privacy. As part of the Type II certification, CyberGuard Compliance tested both the design and operational effectiveness of CRITICALSTART’s controls and processes. This certification solidifies the company’s resolve to provide its customers with industry-leading controls and processes to protect the confidentiality and privacy of their data.
A trusted cybersecurity partner to hundreds of mid-size and enterprise customers across a variety of industries, CRITICALSTART offers a powerful combination of professional services, strategic product fulfillment, and “Zero Trust” Managed Detection & Response (MDR) services to help customers achieve a mature security posture that meets their specific needs.
“As a cybersecurity company, we understand how important it is to have clear controls, processes, and policies for protecting customer data and the systems that process it for our MDR services,” said Rob Davis, CEO at CRITICALSTART. “This certification assures our prospective and existing customers that we use a rigorous, multi-faceted approach to securing their critical business assets.”
Second Annual List Honors Leading MSSPs & Cybersecurity Companies That Safeguard Customers’ Digital Assets.
Plano, TX – September 19, 2018 – MSSP Alert, published by After Nines Inc., has named CRITICALSTART, a leading provider of cybersecurity solutions, to the Top 100 MSSPs list for 2018. The list honors the top 100 managed security services providers (MSSPs) that specialize in comprehensive, outsourced cybersecurity services.
The Top 100 MSSP rankings are based on a combination of MSSP Alert’s 2018 readership and aggregated third-party research. The research recognized these MSSPs to proactively monitor, manage and mitigate cyber threats for businesses, government agencies, educational institutions and nonprofit organizations of all sizes.
“We are excited to be named a 2018 Top 100 MSSP and believe that it is further recognition of the unique technology platform that drives our Managed Detection and Response services – the zero-trust platform gives customers full transparency while the MOBILESOC app allows customers to investigate, escalate and remediate issues from anywhere,” said Rob Davis, CEO at CRITICALSTART. “The 300% growth we have experienced in our managed security business over the last year reflects the growing market need for a better approach to managed security services. The legacy model of simply trying to hire more SOC analysts to manually review every alert isn’t sustainable in today’s market.”
Building and operating a true MSSP requires major financial, technical and business commitments. Fully 63 percent of top MSSPs surveyed maintain their own security operations centers (SOCs) on a 24x7x365 basis. Another 24 percent depend on hybrid models in which some SOC services are outsourced, with the remaining 13 percent either formulating strategies or completely outsourcing their SOC services.
Demand for MSSPs has escalated amid rising cyberattacks, malware and ransomware incidents worldwide. The shortage of cybersecurity skills has further heightened the need for world-class MSSPs. Global managed security services are expected to skyrocket to $101 billion in the next nine years, advancing at an eye-popping 18% compound annual growth rate, according to Persistence Market Research.
“After Nines Inc. and MSSP Alert congratulate CRITICALSTART on this year’s honor,” said Amy Katz, CEO of After Nines Inc. “As MSPs increasingly introduce managed security services, CRITICALSTART continues to stand out in the fiercely competitive cybersecurity market.”
The Top 100 MSSPs list and research were overseen by Content Czar Joe Panettieri (@JoePanettieri). Find the online list and associated report here: http://www.MSSPAlert.com/top100.
About CRITICALSTART
CRITICALSTART is the fastest-growing cybersecurity integrator in North America. Our mission is simple: protect your brand and reduce business risk. We help organizations of all sizes determine their security readiness condition using our proven framework, the Defendable Network. CRITICALSTART provides managed security services, incident response, professional services, and product fulfillment. Visit criticalstart.com for more information.
About After Nines Inc.
After Nines Inc. provides timeless IT guidance for strategic partners and IT security professionals across ChannelE2E and MSSP Alert. ChannelE2E tracks every stage of the IT service provider journey — from entrepreneur to exit. MSSP Alert is the global voice for Managed Security Services Providers (MSSPs).
All companies today are exposed to intense cyber-attacks. And yet the vast majority simply do not have the capability to effectively defend their networks.
That’s where managed security services providers, or MSSPs, come in. MSSPs monitor and manage cybersecurity systems as a contracted service. This can include spam filtering, malware detection, firewalls upkeep, vulnerability management and more.
Featured in The Last Watchdog | September 6, 2018
Cisco has issued a security advisory to customers detailing a swathe of critical and highly-rated vulnerabilities which have been resolved.
The security advisory documents three critical vulnerabilities, 19 bugs rated “important,” and a number of medium-severity security flaws.
One of the most serious bugs is a vulnerability impacting Apache Struts 2, which was publicly disclosed in August together with proof-of-concept (PoC) code.
Featured in ZDNet | September 6, 2018
Two high-severity vulnerabilities have been disclosed in Cisco’s security platform that could allow an attacker to gain administrative privileges – and take full control of the impacted machine.
The glitches, disclosed Wednesday, affect two parts of Cisco Umbrella, a secure internet gateway that acts as a cloud-delivered security service for corporate networks. Specifically, the Cisco Umbrella ERC and Cisco Umbrella Roaming Module are impacted.
Cisco has released software updates addressing the vulnerabilities.
Featured in Threat Post | September 6, 2018
Cisco published on Wednesday 30 security advisories on vulnerabilities identified in its products. Half of them are for high and critical severity bugs.
Only three alerts refer to security problems with critical impact; among them is the recently disclosed remote code execution vulnerability in Apache Struts, for which several proof-of-concept exploits exist.
Cisco notes that not all of its products that include an affected Struts library are vulnerable because of the way they use the library.READ MORE
Featured in Bleeping Computer | September 6, 2018
Cisco has issued security alerts for 30 vulnerabilities across a range of its products and services, with three being ranked as critical and remotely exploitable.
Some 20 different Cisco products contain a vulnerable version of the Apache Struts 2 framework that is currently under active exploitation by miscreants dropping cryptocurrency miner malware on exposed systems.
Featured in iTnews | September 6, 2018
Cisco informed customers on Wednesday that patches are available for over a dozen critical and high severity vulnerabilities affecting the company’s RV series, SD-WAN, Umbrella, and other products. Patches are also available for serious privilege escalation and information disclosure bugs in WebEx, a DoS flaw in Prime Access Registrar, a privilege escalation in Data Center Network Manager, and two command injections in the Integrated Management Controller (IMC) software.
Cisco is not aware of any instances where these vulnerabilities have been exploited for malicious purposes.READ MORE
Featured in Security Week | September 5, 2018
In the IT industry, shattering the status quo is the status quo. While big vendors generate their share of ground-breaking products, startups are a major driver of innovation and are changing the rules of the game. CRN shines a light on some of the most exciting new channel-focused vendors helping create new solutions for business and opportunities for solution providers.
CRITICALSTART’s CYBERSOC and alert classification engine is a complete offering for solution providers to offer managed security services to their customers in a completely transparent way using a mobile-first, zero-trust platform that reduces alert overload by 99.9 percent.
Featured in CRN | July 26, 2018
Today, the number of cyberattacks is on the rise. According to a 2017 report from Accenture, there are more than 130 large-scale, targeted breaches in the U.S. per year, and the number is growing by 27 percent annually. As a result, distributed enterprise IT environments are facing more complex threat landscapes. Threat actors and hackers are continually evolving their techniques and using new machine-generated attacks on a daily basis. With all this change, it can be extremely difficult for small enterprise security teams to keep up with the volume of alerts from their sprawling security infrastructure.
Jordan Mauriello, Chief Technology Officer of CRITICALSTART, discusses how the operational model of legacy managed security service providers (MSSPs) can actually leave organizations more vulnerable to cyberattacks, increasing the risk of security breaches and potential compliance issues.
Featured in Corporate Compliance Insights | July 16, 2018