This Week... Top five malware detected since the beginning of the year
3 February 2021
SC Media | The CyberSecurity Source
An Avengers approach to cybersecurity is not fantasy, it’s compulsory
Should your organisation adopt an Avengers-style strategy to security to stand the best chance of countering emerging cyber threats? Davey Winder has been speaking to industry experts who think that psychologists, spooks, and scientists hold the key to locking down your cybersecurity defences.
Discover the top five malware detected since the beginning of the year below

Fans of Marvel’s The Avengers comic books and films know the team comprises numerous superheroes, with the line-up changing with the times to best counter the villainous threats of the day. Fans of keeping organisations secure should know where we are going with this… interdisciplinary expertise within your security operations team is not optional.

"If Bletchley Park had used people all from similar backgrounds then I'm convinced that the war would have taken a very different course," Nigel Thorpe, technical director at SecureAge Technology, says. "We need people who think about problems from as many different angles as possible."

How important is an interdisciplinary approach when building a successful team?
Charlee Ryman, director of recruitment at Trident Search, which specialises exclusively in the cybersecurity sector, says that rather than being merely important, it's vital. "It crafts a diverse team that draws on knowledge and ideas from multiple backgrounds." He admits that some teams and organisations "do not currently see the value in bringing in others from different backgrounds and see it as a risk”.

But that's a big mistake. People are different. "Having a cultured and symbiotic team will allow you to predict and prevent a threat actor’s efforts at multiple layers."

So, what should the ideal Avengers security operations team look like?
Raffael Marty, VP of research and intelligence at Forcepoint, singles out three professions in particular that should be core members of the Cyber Avengers: psychologists, counter-intelligence operatives, and data scientists.

It's not exactly news to anyone that a behavioural-centric component is essential in combating social engineering in all its many nefarious forms. The game of 'spotting the anomaly' has become even more important as pandemic working patterns have changed behaviours in ways that are likely to produce more, and certainly different, cyber risk impacts than the old normal.

"Many companies, for example, are going through financial difficulties or having to make difficult decisions, such as layoffs," Marty says, which, when combined with a macro situation of high stress, "may result in some employees acting in a way that negatively impacts risk to the company.”

The skill set required to understand such behaviours and help contain the risk they present is a psychology background. "Principles of psychology allow us to understand which people are susceptible to threats and how human error impacts systems."

Next are the counter-intelligence experts. The Forcepoint X-Labs team, Marty told SC Media UK, includes people with such skill sets "who, through their experience, help develop approaches that identify and prevent malicious actors, competitors, nation states or criminal organisations from collecting sensitive information."

It's easy to downplay the importance of such people, to suggest that 'spooks and spies' are more window dressing for the marketing team than core competence for sec-ops, but easy wouldn't be correct.

"Understanding the counter intelligence world, the world of espionage informs approaches and methods that allow us to detect quicker and with higher accuracy malicious users and their actions," Marty explains.

Martin Rudd, CTO at Telesoft Technologies, says: "Who better than psychologists and spooks to address the issues of nation state attacks, espionage and corporate sabotage? With active defence, the skills of the psychologist and spook are invaluable for enhanced situational awareness, strategic decision-making on the front line and testing of adversary capability, all while keeping cybercriminals engaged and unaware."

Which just leaves the final slot in this triumvirate of cyber-talent to fill. The Hawkeye of our Avengers security team: the data scientist.

But Hawkeye isn’t just a bloke with a bow and arrow – he’s an exceptional marksman. Data scientists are equally accurate in their ability to home in on a target among all the noise, often before that target has committed the crime.

"Used properly, data science can help people and decisions to adapt in real-time to a changing threat," Marty says. "Data scientists can help IT teams to predict bad events before they occur." They do this by helping to build systems that collect all that behavioural data and analyse changes over time, for example. Those changing actions are scored and, Marty says, "once a score hits a certain, pre-defined point, the system takes different actions to prevent the user increasing risk."
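Marty's description above, behavioural events scored over time with pre-defined thresholds driving graduated responses, is the core loop of most user-behaviour analytics. The following is an added illustration written for this page, not code from Forcepoint or any product the article mentions. The event weights, thresholds, 24-hour decay half-life and the log lines are all constructed assumptions; a real deployment would derive weights from per-user baselines rather than a fixed table.

```python
"""Minimal behavioural risk scoring: accumulate weighted events per user,
decay the score over time so old anomalies fade, and escalate through
pre-defined actions as thresholds are crossed. (Added example; all weights,
thresholds and sample events are constructed, not from any vendor model.)"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# Hypothetical per-event risk weights (assumption for illustration).
EVENT_WEIGHTS = {
    "login_normal": 0,
    "login_off_hours": 10,
    "failed_mfa": 15,
    "usb_mass_storage": 20,
    "login_new_country": 25,
    "bulk_download": 30,
}
DEFAULT_WEIGHT = 5          # unseen event types still nudge the score

# Graduated responses, checked highest-first (assumed thresholds).
THRESHOLDS: List[Tuple[float, str]] = [
    (80, "restrict_access"),
    (50, "require_step_up_auth"),
    (25, "alert_soc"),
]
HALF_LIFE = timedelta(hours=24)   # score halves every 24h of quiet


@dataclass
class UserRisk:
    score: float = 0.0
    last_update: Optional[datetime] = None
    # (timestamp, action) recorded each time the required action changes
    actions: List[Tuple[str, str]] = field(default_factory=list)


def decay(score: float, last: Optional[datetime], now: datetime) -> float:
    """Exponentially decay a score by the time elapsed since last update."""
    if last is None:
        return score
    elapsed_half_lives = (now - last) / HALF_LIFE
    return score * 0.5 ** elapsed_half_lives


def action_for(score: float) -> str:
    """Map a score to the most severe action whose threshold it meets."""
    for threshold, action in THRESHOLDS:
        if score >= threshold:
            return action
    return "none"


def process_events(events: List[Tuple[str, str, str]]) -> Dict[str, UserRisk]:
    """Replay (iso_timestamp, user, event_type) tuples in time order and
    return the per-user risk state, including the escalation history."""
    users: Dict[str, UserRisk] = {}
    for ts, user, event in sorted(events):          # ISO timestamps sort lexically
        now = datetime.fromisoformat(ts)
        state = users.setdefault(user, UserRisk())
        state.score = decay(state.score, state.last_update, now)
        state.score += EVENT_WEIGHTS.get(event, DEFAULT_WEIGHT)
        state.last_update = now
        action = action_for(state.score)
        # Only record a state change, so the SOC is not paged on every event.
        if action != "none" and (not state.actions or state.actions[-1][1] != action):
            state.actions.append((ts, action))
    return users


# Constructed sample log: alice shows an exfiltration-like sequence, bob a
# single off-hours login that never crosses a threshold.
SAMPLE_EVENTS = [
    ("2021-02-01T09:00:00", "alice", "login_normal"),
    ("2021-02-01T09:05:00", "alice", "bulk_download"),
    ("2021-02-01T23:30:00", "alice", "login_off_hours"),
    ("2021-02-02T00:10:00", "alice", "login_new_country"),
    ("2021-02-02T00:15:00", "alice", "usb_mass_storage"),
    ("2021-02-02T00:20:00", "alice", "failed_mfa"),
    ("2021-02-01T10:00:00", "bob", "login_normal"),
    ("2021-02-01T18:00:00", "bob", "login_off_hours"),
]

if __name__ == "__main__":
    for name, state in process_events(SAMPLE_EVENTS).items():
        print(f"{name}: score={state.score:.1f} actions={state.actions}")
```

The decay is what keeps a single early anomaly from permanently marking a user; the escalation-on-change rule is what keeps the response proportionate, so alice is alerted on, then forced through step-up authentication, and only restricted once the score passes the top threshold.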

This sounds like an expensive movie
Kevin Tongs, director of customer success (EMEA) at Flashpoint, who started out in threat intelligence for the UK Ministry of Defence, says a former boss of his once said specialists become too expensive, get sacked, and are only hired when needed. "Turning that piece of cynicism around, you can run the risk of hiring people who you can’t keep fully busy with interesting work, so they get bored and leave," Tongs warns, "or you can skill them up to the point where they thank you for the enhanced CV by taking it to a higher-paying gig."

Recruitment expert Ryman counters with an argument that "the broader your team, the more effective it will be in deciphering an attack and innovating your defences – building a strong culture will in turn reduce staff turnover."

So, is outsourcing the bottom line answer here? "I would hesitate to completely farm out any of the disciplines," Steve Giguere, director of solutions and community (EMEA) at Stackrox, told SC Media UK, "but instead bolster them with additional intelligence from both the external threat landscape as well as internal using spot assessments/audits of company security maturity to guide budget and strategy."

Critically, he insists, the doers must be in-house: the process drivers and "pedantic right brains" who make sure the detail from the technologists keeping you ahead of the game "provide[s] a backplane of communication to enable the people of your organisation to make it happen."

But Morgan Wright, chief security advisor at SentinelOne and a former US State Department special advisor with a background in criminal psychology, isn't totally sold on the Avengers argument.

"When it comes to cybersecurity I prefer the lesson of Albert Einstein," he says. "Namely, everything should be made as simple as possible, but no simpler."

This, Wright argues, means that for the vast majority of companies employing highly specialised personnel such as psychologists and CI specialists is beyond the budget.

Wright concludes: "The bottom line is that SolarWinds has forever changed the prism by which we view cybersecurity. We have to develop solutions that scale and protect the significant majority of governments, corporations, institutions, schools: the Avengers approach sounds sexy, but doesn’t scale and doesn’t solve the bigger problem. It is a solution that very few companies can implement." 
Future-proof your business from current and future IT challenges
IT infrastructures built on multiple operating systems – or multiple public and private clouds – can create undue complexity. It's crucial for IT professionals to evolve and refine their organisation’s digital foundations to find smarter ways of working.

By adopting these six best practices, you can automate routine tasks and simplify your IT infrastructure to improve productivity, reduce costs, bolster security, and accelerate innovation.
Just under one month till SC Awards Europe Deadline
With a constantly evolving threat landscape, SC Awards Europe has one objective: recognise and reward the people, products and services that exemplify the very best solutions for client-customers and the security sector as a whole.

This is your chance to battle it out against your competitors to prove you truly are the best in the industry to your clients and stakeholders!
SC Media UK Forum | 21 & 22 April
SC Media UK is excited to announce a brand new forum for 2021. This forum is free to attend for decision-makers at end-user companies who are responsible for purchasing information security products or services.

The SC Media Forum exists to spark new business connections for our delegates, while adding value to the very core of cyber security defence.

The must-attend exclusive event combines:
> Engaging content and insights exploring key industry topics <
> Pre-arranged, 1-2-1 business meetings with cutting-edge vendors <
> Virtual networking with like-minded professionals <
Quote of the week…
“Babuk Locker is one of the first new ransomware strains of 2021… there are no known third-party tools available to decrypt impacted files or data.”

Nick Emanuel, director of product at Webroot, discusses the ransomware attack on outsourcing company Serco. Serco has run the UK’s heavily criticised Covid-19 track-and-trace system. The attack has not affected track-and-trace. In May 2020, Serco accidentally shared 300 email addresses from contact tracers.
Top five malware detected since the beginning of the year
> Glupteba: A trojan and coin miner that installs a variety of extra modules; among its features the one reliably installed is an XMR (Monero) coin miner.
> AgentTesla: Ranked second at 13.9%, AgentTesla is an infostealer that exfiltrates user credentials saved in web browsers, mail clients and FTP clients.
> BeamWinHTTP: A downloader, accounting for nearly 10% of overall detections. It is spread disguised as a PUP (potentially unwanted program) installer.
> Formbook: An infostealer, accounting for 6.1%. Formbook steals information and has been spreading gradually since it was first reported in 2017.
> Smoke Loader: An infostealer and downloader that was noticed a number of times this week.
Source: Undercode News
© 2020 Haymarket Media Group
Bridge House, 69 London Road, Twickenham , TW1 3SP