All about Virtualization and Cloud Security | Recent Articles:

• To fix a problem you first need to know of its existence
• IoT devices are often the target of malware botnets and campaigns
• ISPs need to deal with IoT security from a much broader perspective

• Advertisers usually use gathered data to better target customers
• Most companies allow some sort of user tracking
• The more money companies makes from ad revenue, the laxer the rules governing data gathering

• SMEs must check whether they are impacted before the end of the UK’s transition period with the EU
• Watchdog offers guidance and resources on the actions they may need to take if they use personal data
• Update offers a reminder of what personally identifiable information (PII) is and how it’s classified

• 59% of employed Americans are more concerned about creating a strong password for personal accounts than work accounts
• 70% of remote workers don’t consider it their responsibility to keep their corporate account secure
• Organizations are behind in educating their employees on the risks associated with a compromised corporate account
• Human Risk Analytics enables IT admins to stay afloat of insider threats

• Companies need bug bounty platforms now more than ever
• The increase in the number of threats in 2020 pushed companies to secure their products better
• Human error is a main source of cyber risk

• 69% admit to using corporate devices for personal use
• 57% say they allow other members of their household to use their corporate devices for schoolwork, gaming and shopping
• 82% admit to reusing passwords

As 2020 is finally and fortunately coming to an end, here at Bitdefender, we’re already exploring what will happen next year and getting our defenses ready. While our crystal ball might not be perfect, here is a shortlist of what we expect in the 2021 cyber-threat landscape:

• Organizations don’t want to be caught off-guard again by a COVID-like crisis
• Most industries believe work-from-home is here to stay and are prearing to invest accordingly in security
• Some industries will invest way over 100 percent in their IT departments

• Advanced targeted threats are designed with a defined purpose to infect and remain undetected in a network over a prolonged period
• Endpoint Protection has fundamental limitations as advanced threats easily circumvent traditional defenses by using varied tactics, techniques and procedures (TTPs)
• Bitdefender Endpoint Detection and Response (EDR) provides superior performance, security analytics and incident management capabilities to enjoy a privileged spot amongst competition

• 23% admitted experiencing a remote attack or disruption since the beginning of the pandemic
• The greatest perceived threats are malware and insider threats
• 29% of security seniors said they have invested in new tools but still feel inadequately protected

• Employees are 85% more likely today to leak files than pre-COVID
• 59% of IT security leaders say insider threat will increase or ‘significantly’ increase in the next two years
• More than half of organizations have no insider risk response plan
• 40% of organizations don’t assess how effectively their technologies mitigate insider threats

The recent breaches making headlines is a stark reminder that no organization is immune to cyberattacks. We firmly stand by FireEye and SolarWinds and commend them for their transparency and rapid response to help minimize impact to those affected. Like us, they fight the good fight.

• Nearly a quarter of organizations worry about security risks introduced by users working from home
• Only 27% reported full or complete visibility into user activity
• Users are mixing personal and corporate use on their work laptops and are more susceptible to phishing attacks at home

The security landscape, as well as the fast-growing market behind it, can be highly unpredictable. From adaptable threats to surges in demand, there are countless ways your company can be caught off guard. And never was this trend more visible than in the past year, when the increase in remote work prompted an avalanche of cyber threats.

• Demand for digital transformation is driving low code development platforms.
• While line-of-business workers creating software alleviates development team burdens, it can increase risk.
• Enterprises must ensure that they are managing all apps in their portfolio.

While economies were slowed down by the recent health crisis, the same cannot be said about cyber crime. Threat actors used this period as a proving ground, a time to test and perfect their tools. As the ‘’digital continuum’’ became a reality, cyber attacks diversified and exploited new ways of compromising systems.

• Attackers spoof the Microsoft.com domain
• Lookalike websites used to steal credentials
• Microsoft doesn’t implement the DMARC protocol

• With malware increasingly adopting the “as-a-service” business model, Advanced Persistent Threat (APT) groups that have traditionally been state sponsored, may see tremendous value in using the business model as well.

• Organizations of all sizes and verticals should consider evaluating and updating their threat models to include APTs, or risk falling victim to data breaches and industrial espionage.

• Feds offer advice on how to build and maintain a strong cybersecurity posture in the face of advanced hacker attacks
• Network best practices should act as a cornerstone of anyone’s cybersecurity strategy, regardless of industry or organization size
• FBI and CISA do not recommend paying ransoms as “payment does not guarantee files will be recovered”
• Advisory also includes a table containing signatures for some of the most common pieces of malware used today

• People are not always the weakest link
• Trickbot was hit, but it’s operators are trying to make a comeback
• ISP’s devices are oftentimes unwilling participants in massive botnet networks

• 4% of professionals currently use 5G and 80.7% plan to adopt 5G in the year ahead
• 30% believe 5G will mandate investing in skilled security professionals needed for implementation, maintenance and operations
• disruption caused by the COVID-19 pandemic had mixed impacts on organizational plans to adopt 5G

If the countless cyber attacks from the past months have made anything clear, it’s that threat actors move fast. Extremely fast. Worse yet, even if their targets and goals differ, cyber criminals collaborate. Much like the security world, which pools resources to highlight new threats, the cyber crime world connives to makes those threats more elusive.

• New Infographic breaks down the key attack stages and specific detections revealed by Bitdefender solutions
• Visually summarizes our detailed exposé of a Chinese APT group targeting Southeast Asian governments
• Bitdefender technology detects the malicious payloads and maps the behavior in each attack stage
• Proves the value of Endpoint Detection & Response, Managed Detection & Response and MSP solutions

• 624,000 U.S. security brokers recently targeted by FINRA spoofing attempts
• 50,000 fake login pages spoofing 200 brands tracked by researchers earlier this year
• 61% of Global 2000 firms do not use protections like DMARC authentication

• Too many IoT devices ship from the manufacturer with vulnerabilities and inadequate ways to update devices once they are deployed.
• The U.S. federal government hopes to establish a security standard through the National Institute of Standards and Technology.
• The U.S. federal government hopes it will be able to positively influence the security of IoT devices through its purchasing power

• 86% of respondents say their organization is actively using or has started using cloud-native apps today
• due to security and networking issues, only 10% run half or more business apps on Kubernetes and only 12% run a quarter or more based on microservices
• 58% of respondents say the growing volume of APIs in modern cloud-native apps is causing them problems
• respondents cited security as the top challenge resulting from this API sprawl

• DevOps teams with high levels of security integration are more than twice as likely to use self-service security and compliance validation
• Only 25% of orgs with low security integration can remediate security vulnerabilities in one day

• Fewer organizations are taking steps to mitigate cyber security risks compared with a year ago, even though the level of concern about threats has increased during the pandemic, according to a survey of business leaders.
• Nearly one quarter of the respondents said their company had been a victim of a cyber event.
• Cyber security concerns appear to be driven by the impact of the pandemic on businesses’ operations and workforces.
• Enterprises should consider taking certain steps to help reduce risk during a time of ongoing uncertainty and remote workforces.

• Data loss is one of the issues most companies fear
• Many organizations continue to implement legacy solutions to secure modern cloud environments
• Privacy is also a challenge for more organizations that deal with private data

• Remote-working has seen wider use of web-based email services
• Hackers have compromised web-based email systems to plant auto-forwarding rules to help them scam businesses

• Bitdefender Endpoint Detection and Response is our new EDR product that supplements any third-party endpoint security solution
• GravityZone gets a new executive dashboard and an enhanced SIEM connector
• All Bitdefender EDR products now feature custom EDR detection rules capabilities