Threat Detection - AI-Tech Park
https://ai-techpark.com
AI, ML, IoT, Cybersecurity News & Trend Analysis, Interviews
Wed, 03 Jul 2024 05:15:49 +0000

Rapid7 Agrees to Acquire Noetic Cyber
https://ai-techpark.com/rapid7-agrees-to-acquire-noetic-cyber/
Tue, 02 Jul 2024 08:45:00 +0000

The post Rapid7 Agrees to Acquire Noetic Cyber first appeared on AI-Tech Park.

Rapid7 extends its security operations platform to unlock more accessible and accurate asset inventory for better security outcomes

Rapid7, Inc. (NASDAQ: RPD), a leader in extended risk and threat detection, today announced it has signed a definitive agreement to acquire Noetic Cyber, an innovator and a leader in cyber asset attack surface management (CAASM).

The addition of Noetic’s CAASM solution to Rapid7’s existing cybersecurity solutions will provide more comprehensive visibility of a customer’s environment, including visibility into both internal and external assets, on-premise and in the cloud. With this, customers will be empowered to:

  • More fully understand their attack surface with a high-context, inside-out view and an adversary-aware, outside-in view to efficiently anticipate threats and manage risk
  • Enable focused prioritization and fidelity with threat-aware context to recognize the most acute risk signals and exposures
  • Drive better signal-to-noise across security teams by effectively and continually improving asset inventory and content to reduce risk and build resiliency with pragmatic remediation guidance and automation
  • Create efficiency and productivity for security teams, giving them highly correlated asset and resource views along with searchable risk context

“Fragmented attack surface is stifling security productivity, efficiency, collaboration, and credibility,” said Corey Thomas, chief executive officer, Rapid7. “The addition of Noetic’s solution to our platform positions Rapid7 to deliver the most productive security operations experience while making it more accessible to the teams who need it most.”

According to the 2024 Gartner® Innovation Insight: Attack Surface Management report, “only 17 percent of organizations can clearly identify and inventory a majority (95% or more) of their assets.”1

“The addition of Noetic Cyber to Rapid7’s portfolio ensures even more security teams can be confident they have the right visibility of their security data,” said Paul Ayers, chief executive officer and co-founder, Noetic Cyber. “Rapid7 customers will now be able to better prioritize exposures based on the meaningful insights from Noetic and take action to identify security gaps and reduce cyber risk.”

Noetic Cyber was co-founded in 2019 by Paul Ayers, Allen Hadden, and Allen Rogers to empower security teams to command their attack surface. Noetic Cyber provides a proactive approach to cyber asset and exposure management, empowering security teams to see, understand, and fix their security posture and control drift. Noetic Cyber’s goal has been to improve security tools and control efficacy by breaking down existing data silos, enhancing the entire security ecosystem.

The acquisition of Noetic Cyber is expected to close during Rapid7’s fiscal third quarter and is not expected to have a material impact on the Company’s 2024 Annualized Recurring Revenue (“ARR”).

Following the close of the transaction, Rapid7 is expected to make Noetic Cyber capabilities available to its customers this summer. To learn more about how Rapid7’s acquisition of Noetic Cyber will benefit customers and to get notified as soon as the solution is available, visit https://www.rapid7.com/info/lp/request-caasm-demo/.

Explore AITechPark for the latest advancements in AI, IOT, Cybersecurity, AITech News, and insightful updates from industry experts!

Socura launches Rapid Recovery Service
https://ai-techpark.com/socura-launches-rapid-recovery-service/
Fri, 28 Jun 2024 12:15:00 +0000

The post Socura launches Rapid Recovery Service first appeared on AI-Tech Park.

Post-breach SOC service aimed at digital forensics & incident response partners

Socura, a UK-based cyber security managed SOC/MDR specialist, today announced the launch of its Rapid Recovery Service. The service is designed to be implemented in the event of a data breach, offering rapid and extensive support during the critical early phases of incident response and ongoing monitoring over the subsequent weeks.

Socura’s Rapid Recovery is for customers that do not have a SOC to monitor their environment as they recover from a breach. For breached organisations, Socura takes on the responsibility of monitoring, managing, and responding to the incident so that the company can recover quickly. This ensures that damage and disruption are minimised and internal IT teams can focus on supporting the business.

Socura offers organisations around-the-clock 24x7x365 monitoring and support, from a UK-based, CREST accredited Security Operations Centre. It provides comprehensive visibility into endpoint activities, including processes, file changes, network connections, and user behaviour to assist in detecting anomalous activities and potential security threats. It also has containment capability, enabling Socura’s security analysts to investigate and remediate security incidents in real-time. This may involve isolating compromised endpoints, quarantining malicious files, and containing the spread of threats across the network.

“When a data breach hits and all hell breaks loose, businesses need to respond immediately and emphatically,” said Andy Kays, Socura CEO. “In these situations, organisations need a SOC team that can identify threats, limit their spread, and get them back to business as usual operations as quickly as possible. Our SOC can be onboarded quickly, and can stay running as long as the customer needs ongoing support.”    

Socura’s Rapid Recovery Service is priced based on the number of users and duration of deployment. Features include:

  • 24/7/365 threat detection and containment
  • Threat Hunting
  • Incident management and remediation advice
  • Security Incident Reporting
  • Use Case Development
  • Security Orchestration, Automation and Response (SOAR)

ReasonLabs announces improvements to RAV Endpoint Protection
https://ai-techpark.com/reasonlabs-announces-improvements-to-rav-endpoint-protection/
Fri, 28 Jun 2024 11:45:00 +0000

The post ReasonLabs announces improvements to RAV Endpoint Protection first appeared on AI-Tech Park.

New features provide home users with advanced threat detection, improved UI, and more robust protection against emerging cyber threats

ReasonLabs, the cybersecurity pioneer equipping home users with a cutting-edge distributed EDR platform, today announced critical updates to its flagship next-generation antivirus solution RAV Endpoint Protection. The updates are included in version 5.31.5 and will provide tens of millions of users with more support, better security, and increased privacy protection, as well as an improved user experience.

With cyberattacks, identity theft, and privacy invasion plaguing consumers, the need for at-home enterprise-grade protection is vital. The latest updates for RAV Endpoint Protection include support for the ARM64 architecture, greater usability of threat detection services, better detection capabilities of never-before-seen malware, and a simplified, more intuitive user experience.

“At ReasonLabs, we are committed to providing consumers with the best possible protection available in the marketplace,” said Kobi Kalif, CEO and co-founder of ReasonLabs. “The latest rollout of RAV Endpoint Protection provides users with enhanced protection capabilities and an even more user-friendly experience, making it easier than ever to benefit from next-generation cyber protection. These advancements reflect our team’s dedication to providing consumers peace of mind in our ever-evolving connected world.”

This update comes on the heels of RAV Endpoint Protection recently receiving the highest grade of A+ in Virus Bulletin’s VB100 antivirus test, detecting 99.64% of all malware tested. ReasonLabs was also selected as a Winner in the category of Consumer Privacy Protection at the 2024 Cybersecurity Excellence Awards for RAV Endpoint Protection’s security capabilities.

Founded in 2016, ReasonLabs provides industry-leading cybersecurity solutions for individuals and families alike, including Online Security & Identity Protection, Safer Web DNS Filtering, RAV VPN, Parental Control, and more.

Cofense unveils new enhancements to PhishMe®
https://ai-techpark.com/cofense-unveils-new-enhancements-to-phishme/
Thu, 27 Jun 2024 14:30:00 +0000

The post Cofense unveils new enhancements to PhishMe® first appeared on AI-Tech Park.

The New Employee Engagement Index empowers employees, making them security allies, not liabilities.

Cofense®, the leader in email threat detection and response solutions, today unveiled new enhancements to its PhishMe® Employee Security Awareness Training (SAT) Platform. The latest addition, Employee Engagement Index, is set to transform how organizations manage email security risks.

The introduction of the Employee Engagement Index (EEI) transforms employees into security allies. This innovative tool continuously monitors employee interactions with PhishMe simulations, providing real-time data that offers valuable insights into their readiness to combat phishing threats, before they become damaging to an organization’s revenue and reputation.

“Cofense PhishMe pioneered the SAT industry over a decade ago, and in 2024, we proudly delivered our one-billionth employee training simulation,” stated David Van Allen, CEO of Cofense. “Our experience and data confirm that employees are an organization’s strongest asset against email based cyberattacks; they should not be considered the risk. That’s the core reason why we have upgraded PhishMe with the Employee Engagement Index.”

It is a well-known fact that most successful cyberattacks on businesses begin with a phishing email that slips past existing email security measures, even those new measures using AI. This makes employee email security awareness programs a critical component of a comprehensive, layered defense strategy. When employees are properly trained and motivated, they become a formidable first line of defense.

PhishMe’s Employee Engagement Index leverages over a decade of Cofense-curated threat intelligence and combines those data with current employee behavioral patterns. The EEI then generates a continuously updated proficiency score, displaying a personalized metric that assesses individuals, cohorts, groups, and departments, allowing organizations to quickly pinpoint areas needing improvement and allowing for immediate, targeted remediation efforts.

Employee Engagement Index Benefits:

  • User-Level Metrics: Identifies engagement and resilience gaps across all employee levels, ensuring targeted reinforcement programs strengthen the organization’s cybersecurity posture.
  • Reporting Rate: Provides reporting of employees’ identification and activity around phishing attempts, indicating awareness and responsiveness of the first line team.
  • Susceptibility Rate: Identifies employees or cohorts who are prone to phishing, enabling more targeted reinforcement and remediation.
  • Proficiency Score: Highlights individuals’ ability to accurately recognize and report phishing.
  • Leaderboard View: Ranks employees by resilience, identifying top performers and those requiring additional support.
  • Flexible Metrics: Tailors assessment criteria to your organization’s needs.

Claroty’s new platform offers top cyber-physical systems protection
https://ai-techpark.com/clarotys-new-platform-offers-top-cyber-physical-systems-protection/
Thu, 06 Jun 2024 10:00:00 +0000

The post Claroty’s new platform offers top cyber-physical systems protection first appeared on AI-Tech Park.

Built-for-CPS Platform Leverages Claroty’s Unrivaled Industry Expertise to Bring Organizations the Deepest Asset Visibility and Broadest Solution Set in the Market

Claroty, the cyber-physical systems (CPS) protection company, today announced the next evolution of The Claroty Platform, leveraging Claroty’s unrivaled industry expertise to deliver the deepest asset visibility and broadest solution set in the market today. With the flexibility to be deployed in the cloud with Claroty xDome® or on-premise with Claroty Continuous Threat Detection (CTD), the platform’s dynamic approach to CPS protection empowers organizations to reduce cyber risks associated with increased connectivity, with the fastest time to value and lower total cost of ownership.

Expanded connectivity has greatly outpaced organizations’ ability to manage CPS risks properly; meanwhile, the increase in cyber threats impacting operations has prompted new regulatory measures seeking to preserve national security, economic stability, and public safety. These compounding challenges have led to a variety of approaches to securing CPS networks that ultimately fall short: leveraging existing IT security tools that are neither practical nor effective for CPS environments, relying on passive-only asset discovery methods that may be resource-intensive and frequently lack in-depth visibility, and stitching together a slew of single-purpose CPS security solutions that lack cohesion and create blind spots.

“Organizations must make purposeful decisions to reduce cyber risk to CPS under the constraints of business needs for operational efficiency and cost control,” said Grant Geyer, chief product officer at Claroty. “Consequently, there is a need for a new, holistic approach that can address all of these challenges simultaneously. We are redefining CPS protection with an unrivaled industry-centric platform built to secure mission-critical infrastructure.”

Claroty’s CPS Protection Platform Enables Better Business Outcomes

CPS Risk Reduction: The Claroty Platform provides the broadest set of solutions that enable organizations to operationalize in-depth insights about their environments to then identify, prioritize, and mitigate risk:

  • Exposure Management: Leverage exploitability and the impact of risk on business operations for exposed assets to create a programmatic approach to CPS-specific continuous threat exposure management.
  • Network Protection: Drive effective network segmentation and anomaly detection with the industry’s first out-of-the-box zone and communication policy recommendations for various CPS based on in-depth insight into operational context and best practices.
  • Secure Access: The only purpose-built secure access solution using the industry’s deepest asset profiles and policies to provide privileged access and identity management & governance for first and third-party users.
  • Threat Detection: Detect known and unknown threats, as well as operational alerts, to protect the integrity and enhance the security of operational environments.

Faster Time to Value: Claroty helps users more quickly operationalize their asset inventory with a precision-driven and “right-for-me” approach to asset discovery paired with automated enhancement to visibility. Capabilities that enable faster time-to-value include:

  • Tailored Discovery for Deep Visibility: Recognizing that no two CPS networks are identical, Claroty employs multiple, distinct discovery methods that, as illustrated in new research also released today, achieve the same highest quality visibility (87% basic, full and deep visibility) as traditional passive methods (86%).
  • Visibility Orchestration: Capabilities that identify gaps in asset inventory, recommend discovery techniques, and provide co-piloted orchestration series of actions to create the industry’s most comprehensive, in-depth asset profiles that ultimately enable more effective risk reduction.
  • Artificial Intelligence: By combining Claroty’s deep understanding of CPS, statistical inference methods, large language models, and machine learning, Claroty’s AI-powered analysis engine classifies assets, provides security insights, and recommends actions completely out-of-the-box.

Lower Total Cost: The Claroty Platform consolidates the management, monitoring, and control of CPS security, driving down total cost through the following capabilities:

  • Unified Platform: Controlling CPS security solutions in one place dramatically simplifies organizations’ ability to streamline risk management, apply compensating controls, respond to threats, and manage their overall security posture.
  • Deployment Flexibility: With the option of on-premises or cloud deployment, organizations have the flexibility to choose where and how to implement the Claroty Platform, depending on their requirements for scalability, cost considerations, or compliance guidelines.

To learn more about how Claroty is redefining CPS protection:

  • Read the platform overview or the Claroty blog
  • Download the report, “A Non Zero-Sum Game: Optimizing for Both Cyber-Physical System Visibility and Business Needs”
  • Register for the webinar, “Breaking Barriers: Redefining Traditional CPS Security Strategies,” on Thursday, July 11 at 11:00 AM ET

DTEX Systems Unveils New Capabilities to Understand Insider Risk Using Gen AI
https://ai-techpark.com/dtex-systems-unveils-new-capabilities-to-understand-insider-risk-using-gen-ai/
Fri, 31 May 2024 09:45:00 +0000

The post DTEX Systems Unveils New Capabilities to Understand Insider Risk Using Gen AI first appeared on AI-Tech Park.

New enhancements to DTEX InTERCEPT™ platform enable organizations to detect and monitor content employees upload to generative AI platforms

DTEX Systems, the global leader for insider risk management, today announced new insider risk management capabilities within the DTEX InTERCEPT™ platform that protect organizations from unintentional and intentional data loss through generative AI (GenAI) platforms like ChatGPT. With the new enhancements, companies can better understand what content employees are uploading to large language models (LLMs) and mitigate the risk of disclosing proprietary data or intellectual property (IP).

Companies and their employees are increasingly turning to GenAI platforms to drive positive business outcomes. According to recent research from Gartner, 55 percent of enterprises have either piloted generative AI solutions or put them into production. But the accelerated adoption of GenAI platforms introduces significant insider risk to organizations whose employees may not understand the security implications of uploading proprietary data or IP to public AI models.

According to the DTEX 2024 Insider Risk Investigations Report, 92% of organizations identified internal use of AI tools as a key security concern. The same report found that 90% of organizations would support tools that provide better oversight to mitigate GenAI-associated risks. When well-meaning employees upload sensitive data or IP to public LLMs, they increase the risk of data loss occurring. The increasing adoption of GenAI highlights the importance of proactive insider risk management to mitigate incidents before they occur.

The new capabilities within DTEX InTERCEPT™ allow the platform to inspect content uploaded to GenAI platforms for markers, including IP and other sensitive information, and prevent that data from being shared before it turns into an incident caused by a malicious or negligent insider. With web traffic inspection capabilities, DTEX InTERCEPT™ offers greater visibility into user activity while continuing to adhere to privacy standards. The platform provides centralized policy enforcement that enables security teams to curate secure access to thousands of GenAI applications, including differentiating between Microsoft CoPilot enterprise accounts and personal usage.

“There is growing attention and concern around how GenAI technology is being used within an organization, and for good reason. While well-intentioned employees are using this technology to create efficiencies and drive innovation, they are also increasing the risk of data leaks, data theft, and privacy violations. Malicious employees can intentionally upload sensitive data to GenAI technology to extract at a later time,” said Marshall Heilman, CEO at DTEX Systems. “The enhancements to DTEX InTERCEPT™ will allow companies to find the appropriate balance between achieving the transformational benefits delivered by GenAI and protecting their organization from threats to their data or IP.”

DTEX InTERCEPT™ is the only solution on the market that combines behavioral science, technology, intelligence, and services to provide organizations with unified and proactive protection from insider threats without invading personal privacy. Earlier this year, DTEX launched its AI3 Risk Assistant, a new feature of the InTERCEPT™ platform that processes natural language to provide quick and comprehensive insight into the nuances of insider risk and intent. This new feature further demonstrates how AI-powered innovation can be an impactful business enabler, with organizations now having the option to lean into these capabilities with proportional oversight to ensure that risk is minimized.

Huntress Expands Fully Managed EDR Capabilities
https://ai-techpark.com/huntress-expands-fully-managed-edr-capabilities/
Tue, 28 May 2024 10:45:00 +0000

The post Huntress Expands Fully Managed EDR Capabilities first appeared on AI-Tech Park.

New release further simplifies the user experience with active remediation capabilities and delivers coverage for growing macOS population

Huntress announced that its award-winning Managed Endpoint Detection and Response (EDR) product now includes Active Remediation and macOS coverage.

Huntress EDR previously included proactive isolation to stop the spread of threats immediately, click-to-approve remediation, and guided recovery and cleanup. With the addition of Active Remediation, security administrators can pre-authorize Huntress to take action on their behalf with zero manual review and approval. This added convenience promises to speed up the remediation process and lighten the workloads of IT and security teams.

“Our primary focus has always been keeping our customers and partners safe, and we want to do that with complete ease of use. Our Active Remediation automatically eliminates threats with zero manual intervention. With our consistent record of less than 1% false positives, Managed EDR users can rest assured that they are being protected 24/7 by our human-led SOC while enjoying the benefits of an extremely hands-off solution,” said Seth Geftic, Vice President of Product Marketing for Huntress.

Today, 22.4% of businesses are running macOS—with 50% of users affected by malware, hacking, or scams. The rise in malware attacks comes with the growing number of macOS users in small to mid-sized enterprises, as they are high-value targets for bad actors. The average data breach cost for these businesses is $4.35M, and it can take approximately 277 days to detect and contain a breach. These numbers are high enough to put smaller enterprises out of business. With macOS threats increasing roughly 100% from 2023 to 2024, this enhancement arrives at the right time to arm small businesses and mid-sized enterprises and the managed service providers who support them.

“Businesses might be tempted to assume that macOS is inherently more secure than Windows, but with threat actors becoming more sophisticated, that’s simply not the case,” said Stuart Ashenbrenner, macOS Researcher at Huntress. “Mac environments are more complex, which is why Huntress has rolled out this release to support resource-constrained IT teams that need specialized macOS experience and protection.”

Additional Resources:

  • Check out Huntress’ latest ‘Smuggler’s Gambit: Uncovering HTML Smuggling Adversary in the Middle Tradecraft’ blog
  • Read the EDR Active Remediation blog
  • Read the macOS LightSpy malware variant blog
  • Start a free trial

Visit Huntress.com to learn more about this new enhancement, or follow us on Twitter and LinkedIn.

Detectify updates policies & domains view for better control.
https://ai-techpark.com/detectify-updates-policies-domains-view-for-better-control/
Mon, 27 May 2024 17:33:17 +0000

The post Detectify updates policies & domains view for better control. first appeared on AI-Tech Park.

Security Teams Experience 300 Breaches per Set Custom Policy; Best-in-Class EASM Player Empowers Users with Product Improvements to Address Growing Attack Surface Complexity

Detectify, the External Attack Surface Management platform powered by elite ethical hackers, today announced a new Domains page and major improvements to existing capabilities for setting custom attack surface policies. These updates bring unprecedented control over attack surface data and enable organizations to seamlessly configure alerts for policy breaches based on their unique definition of risk, a feature unmatched by any other player in the EASM space.

Attack surfaces keep growing and becoming more diverse, making it increasingly challenging for organizations to obtain and make sense of the most relevant insights from their attack surface data. This growing complexity has been recognized by leading analyst firms, for example in Forrester’s “The Attack Surface Management Solutions Landscape, Q2 2024” report, which included Detectify. Security teams highlight the need to identify and reduce risks unique to their business context. In fact, Detectify users see an average of 300 breaches per set policy. Over 70% of active policies today focus on spotting risky open ports, with 60% specifically alerting on any detected ports other than 80 or 443. This emphasizes that identifying areas of the attack surface that could be improved, such as open ports, is key for security teams.

“Our global customer base uses hundreds of attack surface policies every day,” said Danwei Tran Luciani, VP of Product at Detectify. “Users can now seamlessly set custom policies on a variety of new characteristics, like being alerted when a specific cloud provider is present on a set of domains. We’re excited to empower security teams with even greater control over their attack surface data.”

With the new Domains page and the major improvements to Attack Surface Policies, Detectify customers can benefit from:

  • Their complete attack surface, at a glance: Security teams need a complete grasp of their attack surface evolution to, for instance, support incident investigations or find out how their domains are exposed. The new Domains page provides a complete view of all monitored domains within the attack surface with continuously attributed data to each domain, consisting of IPs, cloud providers, and even fingerprinted technologies over a period of time.
  • Customizable attack surface data based on their workflows: Security teams require continuous monitoring of exposures to take action on those issues in future occurrences. Customers can now directly create customized policies for their attack surface data through the new Domains page when spotting anomalies. This innovative workflow allows them to set up alerts for breaches aligned with their specific risk definitions, a capability not offered by any other EASM product.
  • Risk management that reflects their business context: Among security teams’ jobs is the need to remain informed about the evolution of their attack surface, identify exposed elements, and pinpoint specific assets affected by exposure according to their unique risk definition. The new Domains page enables users to assess potential exposure risks and set security policies based on completely new characteristics.

Detectify’s new Domains page and enhanced Attack Surface Policies are now available to all Surface Monitoring customers. New data points will continue to be released to the Domains page, which will further expand the specificity of security policies that users can create and receive alerts for. Teams will soon be able to integrate alerts into their existing workflows through the Detectify API and Integrations platform. For more information visit detectify.com.

Deepfakes, AI-Manipulated Audio, and Hijacked Social Media Surge in 2024 https://ai-techpark.com/deepfakes-ai-manipulated-audio-and-hijacked-social-media-surge-in-2024/ Mon, 27 May 2024 09:45:00 +0000

The post Deepfakes, AI-Manipulated Audio, and Hijacked Social Media Surge in 2024 first appeared on AI-Tech Park.

Avast Threat Report shows nearly 90% of cyberthreats currently rely on human manipulation

Avast, a leader in digital security and privacy and brand of Gen™ (NASDAQ: GEN), has reported that social engineering threats – those which rely on human manipulation – account for most cyberthreats faced by individuals in 2024. According to the latest quarterly Avast Threat Report, which looks at the threat landscape from January-March 2024, scams, phishing and malvertising accounted for 90% of all threats on mobile devices and 87% of threats on desktop. Moreover, the threat research team discovered a significant spike in scams leveraging sophisticated tactics such as using deepfake technology, AI-manipulated audio synchronization, and hijacking of YouTube and other social channels to disseminate fraudulent content.

YouTube: A Potent Gateway for Criminals

While all social media is a natural breeding ground for scams, YouTube has become a significant channel for crime. According to telemetry from Avast, 4 million unique users were protected against threats on YouTube in 2023, and approximately 500,000 were protected in January-March 2024.

Automated advertising systems combined with user-generated content provide a gateway for cybercriminals to bypass conventional security measures, making YouTube a potent channel for deploying phishing and malware. Notable threats on the platform include credential stealers like Lumma and Redline, phishing and scam landing pages, and malicious software disguised as legitimate software or updates.

Scammers have also turned heavily to videos as lures. Whether from stock footage or an elaborate deepfake, scammers are using all video varieties in their threats. One of the most widespread techniques involves exploiting famous individuals and significant media events to attract large audiences. These campaigns often use deepfake videos, created by hijacking official videos from events and using AI to manipulate audio synchronization. These videos seamlessly blend altered audio with existing visuals, making it harder for the untrained eye to tell they’re anything but authentic.

Additionally, YouTube serves as a conduit to Traffic Distribution Systems (TDS), directing people to malicious sites and supporting scams ranging from fake giveaways to investment schemes.

Some of the most common tactics through which YouTube is exploited for scams include:

  1. Phishing Campaigns Targeting Creators: Attackers send personalized emails to YouTube creators proposing fraudulent collaboration opportunities. Once trust is established, they send links to malware under the guise of software needed for collaboration, often leading to cookie theft or account compromise.
  2. Compromised Video Descriptions: Attackers upload videos with descriptions containing malicious links, masquerading as legitimate software downloads related to gaming, productivity tools, or even antivirus programs, tricking users into downloading malware.
  3. Channel Hijacking for Scams: By gaining control of YouTube channels through phishing or malware, attackers repurpose these channels to promote scams – such as cryptocurrency scams – often involving fake giveaways that require an initial deposit from viewers.
  4. Exploitation of Software Brands and Legitimate-Looking Domains: Attackers create websites that mimic reputable companies that people trust and offer illegitimate downloadable software.
  5. Social Engineering via Video Content: Attackers post tutorial videos or offers for cracked software, guiding people to download malware disguised as helpful tools. This tactic takes advantage of people seeking free access to otherwise paid services or software, leveraging YouTube’s search and recommendation algorithms to target potential victims.

The Growing Business of Malware-as-a-Service (MaaS)

With scams surging, cybercriminals are capitalizing on a new business opportunity: Malware-as-a-Service (MaaS). Through this model, organized crime groups are able to recruit smaller-scale criminals who want to make quick money by distributing malware on behalf of the group. These criminals can purchase malware, subscribe to it or share profits in a commission-style partnership.

The most common malware utilized in MaaS are information stealers, which are continuing to find new distribution channels. For example, DarkGate was observed to be spread via Microsoft Teams, using phishing. Lumma Stealer, another MaaS information stealer, continues to spread via cracked software propagated on YouTube, using fake tutorials to mislead victims. This further emphasizes that such strains – and their creators – never miss an opportunity to leverage social engineering to distribute malware.

“In the first quarter of 2024, we reported the highest ever cyber risk ratio – meaning the highest probability of any individual being the target of a cyberattack,” said Jakub Kroustek, Malware Research Director at Gen. “Unfortunately, humans are the weakest link in the digital safety chain, and cybercriminals know it. They prey on human emotions and the quest for knowledge to infiltrate people’s lives and devices for financial gain.”

For more information and to read the full Avast Q1/2024 threat report, visit https://decoded.avast.io/threatresearch/avast-q1-2024-threat-report/ 

Rapid7 Releases Attack Intelligence Report https://ai-techpark.com/rapid7-releases-attack-intelligence-report/ Wed, 22 May 2024 09:30:00 +0000

The post Rapid7 Releases Attack Intelligence Report first appeared on AI-Tech Park.

Multi-year trend shows more zero-day vulnerabilities leading to mass compromise events

Rapid7, Inc. (NASDAQ: RPD), a leader in extended risk and threat detection, today announced the release of its 2024 Attack Intelligence Report. The report provides expert insights and guidance that security practitioners can use to better understand and anticipate modern cyber threats.

The research underpinning the Attack Intelligence Report is based on more than 1,500 curated vulnerability and exploit data points; analysis of 180-plus advanced threat campaigns; thousands of tracked ransomware incidents, extortion communications, and dark web posts; and insights from trillions of security events across Rapid7 MDR and threat analytics telemetry.

Several significant findings arose from this vast examination of information dating back to 2019 and as recent as early 2024. For example, in 2023, for the second time in the last three years, more mass compromise events arose from zero-day vulnerabilities (53%) than from n-day vulnerabilities. Last year’s numbers represent a return to 2021 levels of widespread zero-day exploitation (52%), following a slight respite (43%) in 2022.

“Our data shows 2021 to have been the dividing line between a ‘then’ and a ‘now’ in zero-day attacks,” said Caitlin Condon, director of vulnerability intelligence at Rapid7 and the report’s primary author. “Since that time, the median number of days between vulnerability disclosure and exploitation, which we began tracking several years ago, has stayed in single digits across the CVEs in our annual datasets; widespread exploitation of major vulnerabilities has shifted from a notable event to a baseline expectation; and ransomware attacks regularly take entire public-facing systems offline, sometimes for weeks or months at a time.”

In addition to a consistently high number of zero days leading to mass compromise events, the report notes a “pronounced shift” in the way these events are playing out. Instead of following the historical pattern of “many attackers, many targets,” nearly a quarter (23%) of widespread threat CVEs Rapid7 examined in 2023 and early 2024 arose from well-planned, highly orchestrated zero-day attacks in which a single adversary compromised dozens or even hundreds of organizations at once, often leveraging custom tooling like proprietary exploits and backdoors.

Additional key findings from the 2024 Attack Intelligence Report include:

  • Mass compromise events stemming from exploitation of network edge devices have almost doubled since the start of 2023, with 36% of widely exploited vulnerabilities occurring in network perimeter technologies. More than 60% of the vulnerabilities Rapid7 analyzed in network and security appliances in 2023 were exploited as zero-days.
  • While skilled adversaries are still fond of memory corruption exploits, most of the widely exploited CVEs from the past few years have arisen from simpler, more easily exploitable root causes, like command injection and improper authentication issues.
  • 41% of incidents Rapid7 MDR observed in 2023 were the result of missing or unenforced multi-factor authentication (MFA) on internet-facing systems, particularly VPNs and virtual desktop infrastructure.
  • Rapid7 Labs tracked more than 5,600 separate ransomware incidents over the course of 2023 and the first few months of 2024. The number of unique ransomware families reported across 2023 incidents decreased by more than half, from 95 new families in 2022 to 43 in 2023.

“This is a mature, well-organized cybercrime ecosystem at work, with increasingly sophisticated mechanisms to gain access, establish persistence, and evade detection,” said Condon. “The data is telling us that we are experiencing the intensification of a multi-year trend; now more than ever, implementing zero-day patching procedures for critical technologies is key.”

The report notes that network edge devices are at particular risk of n-day and zero-day exploitation, and Rapid7 recommends that vulnerabilities in these devices be mitigated as soon as vendor-provided patches or workarounds are available. The report also indicates that enabling logging and ensuring it is working as expected are critical for allowing security operations teams to hunt for the more elusive indicators of compromise and suspicious activity representing incidents executed by the mature attacker groups identified in the research.

To access the complete Rapid7 2024 Attack Intelligence Report, which includes additional practical guidance for defenders, visit https://www.rapid7.com/research/report/2024-attack-intelligence-report/.
