
Prevailion Recognized as a 2020 Gartner “Cool Vendor”

We are pleased to announce that Prevailion has been named a Gartner Cool Vendor in the 2020 Cool Vendors in Security Operations and Threat Intelligence report. In the October 13th report, Gartner points out that “Organizations struggle to mitigate vulnerabilities because of the inability to prioritize them due to a lack of context about the assets and external threat environment.” We couldn’t agree more. It’s that lack of visibility, and subsequent inability to prioritize threats, which often hamper an organization’s cybersecurity posture. Our mission is to change that. Prevailion’s exclusive intelligence capabilities empower...


Goblin Panda – One of the World’s Most Active APTs

When considering global threat actors and the impact these groups can have on different geographical regions and industries, we’d be remiss to not spend some time talking about Goblin Panda, considered by Prevailion to be one of the most active Advanced Persistent Threat (APT) groups in the world today. According to the Council on Foreign Relations, “This threat actor targets government agencies and entities in the defense and energy sectors in Southeast Asia with an interest in issues related to tensions in the South China Sea.”

Goblin Panda’s Activity

According to Prevailion’s threat...


Ransomware as a Data Breach Decoy

Gone are the days of small-time cybercriminals using ransomware to earn a quick buck. Ransomware--and the criminals who use it--have certainly evolved. Though it initially made a name for itself as a tactic of the lesser-skilled criminal, malicious actors are now exploiting the established expectations of its impact and limitations in order to hide inside a network.  For those organizations with robust security strategies, ransomware had become little more than an annoyance. They were able to recover rather quickly using backups. More often, though, that’s not the case. In the past...


NEW Release – APEX Platform 4.6 Delivers Greater Fidelity on Confirmed Cyber Attacks and Threats

Prevailion is excited to launch six new features in its latest release of the APEX Platform, version 4.6. The features, outlined below, give organizations higher fidelity on real-time compromise activity, empowering your security and cyber risk teams to be more effective, work faster, and immediately prioritize confirmed threats. Over the past four months, APEX Platform has increased the number of compromised IP addresses tracked by 285%. Over the past 180 days, APEX Platform has tracked 29.3B malicious beacons, 469k IP addresses, and 141 malware families. #1 -...


A Note on the Trojan Compromise of NCR Corporation

Prevailion recently disclosed an active trojan compromise in the network of NCR Corporation. We at Prevailion are extremely pleased that NCR has taken this matter seriously, including the engagement of an elite IR team, and we applaud them for their quick and diligent response to the compromise we detected inside their network. As with all impacted organizations, we were more than happy to provide NCR with the full details of the compromise activity that we observed through our ongoing C2 monitoring. We were in touch with NCR’s security team and IR...


Masquerading as Card-Skimmers: Are Attackers Doing More with Magecart?

While Magecart is well known as malware that hacking groups use to inject card-skimming scripts into e-commerce platforms, Prevailion researchers have detected many compromises with Magecart that suggest the malicious actors are not actually going after credit card data. According to public data breach records, the credit card information of organizations from British Airways to NutriBullet, Tupperware, easyJet and Macy’s has been targeted in different card-skimming campaigns. In July 2019, attackers leveraged a vulnerability in the e-commerce software platform Magento, which left more than 960 online retailers compromised in a single...


Carnival Cruise Lines’ Long-Running Breach Problem

Carnival Corporation is back in the news again with another data breach. This time, the company disclosed in a recent 8-K filing that its network was compromised by an unnamed ransomware on August 15th which “encrypted a portion of one brand’s information technology systems” and “the download of certain of our data files.” This is the second public disclosure Carnival has made this year. In March, it also disclosed a data breach from April 11 – July 23 2019 which gained access to employee email accounts containing sensitive information. However, these are...


Lower the Price Tag of a Data Breach with Threat Intelligence

Detecting and containing a data breach takes the better part of a year, approximately 280 days, for the average organization, according to IBM’s 15th annual Cost of a Data Breach Report. Unfortunately, the longer it takes to identify a breach, the bigger the price tag of the overall breach lifecycle. This year’s report found that more than half (52%) of breaches are the work of malicious actors. Of those, 13% of breaches are reportedly caused by nation state attackers. The findings also revealed that more attackers are using compromised credentials and leveraging...


How Auditors Can Make Compliance Programs More Effective

When conducting an audit of your cybersecurity plans, it’s important to reassess risk and evaluate whether established policies and procedures are both effective and actionable. To aid in cyber compliance, CSO Online said the updated compliance guidelines issued by the Department of Justice, “has particular relevance to the cybersecurity practices of organizations when it comes to, for example, data breach and other security-related lawsuits.” Essentially, the document outlines how to assess, “whether a particular compliance program works in practice.” Toward that end, the guidelines pose three questions that every compliance...


Broken Security Promises and the Big Threat from Smaller Partners

When two companies are directly connected to each other, they need to believe that the other is doing all it can to shore up its defenses. What happens, though, when the relationship between two companies is distinctively different and imbalanced because of size? Enterprises, while often the target of sophisticated actors, have a sizable IT and security budget that allows them to build defense in depth. That’s not always the case for small businesses, which leaves them vulnerable to cyberattacks. The US Small Business Administration recently reported, “88% of small business...
