Palo Alto Networks research shows new twist on old cyberattack method targeting mobile devices

Paloalto LogoPalo Alto Networks® (NYSE: PANW), the next-generation security company, today revealed details of a new “BackStab” attack used to steal private information from mobile device backup files stored on a victim’s computer. A white paper from the company’s Unit 42 threat intelligence team explains how cyberattackers are using malware to remotely infiltrate computers and execute BackStab attacks in an unprecedented fashion.

Used to capture text messages, photos, geographic location data, and almost any other type of information stored on a mobile device in their possession, BackStab has been employed by law enforcement and cyberattackers alike. The Unit 42 white paper shows how BackStab attacks have evolved to leverage malware for remote access and why Apple® iOS devices have been a primary target for attacks, as the default settings in iTunes® store unencrypted backup files in fixed locations and automatically sync devices when they are connected to a user’s computer.

Quote

“Cybersecurity teams must realise, just because an attack technique is well-known, that doesn’t mean it’s no longer a threat. While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks.”

–          Ryan Olson, director of threat intelligence, Unit 42, Palo Alto Networks

Recommendations

  • iOS users should encrypt their local backups or use the iCloud backup system and choose a secure password.
  • Users should upgrade iOS devices to the latest version, which creates encrypted backups by default.
  • When connecting an iOS device to an untrusted computer or charger via a USB cable, users should not click the “Trust” button when the dialogue box is displayed.

Download the white paper at:

https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html

Subscribe to Unit 42 research updates at

http://researchcenter.paloaltonetworks.com/unit42/

Learn more about Unit 42, the Palo Alto Networks threat intelligence team, at https://www.paloaltonetworks.com/threat-research.html

###

About Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organizations worldwide.  Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organization’s most valuable assets.  Find out more at www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks® announces agreement to acquire Cyvera

 

April 2, 2014Palo Alto Networks® (NYSE: PANW), has announced a definitive agreement to acquire Cyvera, a privately held cybersecurity company located in Tel-Aviv, Israel.  Under the terms of the agreement, Palo Alto Networks will acquire all of the outstanding capital stock of Cyvera for an aggregate purchase price of approximately $200 million (USD). The acquisition is expected to close during the second half of fiscal 2014, subject to customary closing conditions and regulatory reviews.

Named a cool vendor in security by Gartner in 2013 (“Cool Vendors in Security: Infrastructure Protection 2013”)*, Cyvera, which has 55 employees, has developed a highly innovative offering that protects enterprises from cyber threats by using a unique approach to block unknown, zero-day attacks on the endpoint.

The addition of this unique capability to the Palo Alto Networks enterprise security platform will extend customers’ ability to safely enable applications and protect users against known and unknown cyber threats on any device, across any network.

QUOTES

*        “This event marks a key milestone in our strategic enterprise security vision.  It extends our next-generation security platform with a very innovative approach to preventing attacks on the endpoint.  It enables us to accelerate the delivery of the market’s only highly integrated and automated enterprise security platform spanning network, endpoints, and the cloud.  For customers, this translates into the most sophisticated and automated threat prevention for their entire organisation.”
–        Mark McLaughlin, President and CEO of Palo Alto Networks

*        “Much like Palo Alto Networks set out to disrupt the network security market with its next-generation security platform, we founded Cyvera to revolutionise protection for the endpoint – one of the most vulnerable frontiers for cyber-attacks.  We are pleased to join the Palo Alto Networks team and together help enterprise customers tackle the advanced threats they face today.”
–        Uri Alter and Netanel Davidi, co-founders and co-CEO’s of Cyvera   

Cyvera prevents attacks at the right time and place

Zero-day cyber-attacks represent one of the greatest threats to enterprises, governments, and service provider organisations that rely on a vast array of systems, applications, and devices to run their business.  These cyber-attacks often exploit a vulnerability known only to the attacker.  While there are literally tens of thousands of vulnerabilities an attacker can potentially target, there is a significantly smaller number of exploit techniques they may use to exploit that vulnerability.

While patching software can provide an element of protection, it does little to protect organisations against vulnerabilities that have not yet been discovered by the software manufacturer. Simply detecting the presence of malware is also insufficient since malicious activity may have already been initiated and evasion tactics employed to evade detection.  In order to stop zero-day attacks in their tracks, it’s critical to understand the exploit techniques attackers employ.  Cyvera has developed a unique method of performing this real-time prevention against all core attack techniques at the endpoint during the exploitation phase, before the malware has a chance to run.

Advanced threats demand highly integrated, automated, and scalable platform approach 

Today’s sophisticated attacks increasingly rely on a combination of tactics and threat vectors to penetrate an organisation and require a new approach to security. Most organisations still rely on legacy point technologies that address only specific types of attacks, phases of an attack, certain devices, or certain network segments.  Because of the singular nature of these technologies, they are ill-equipped to detect and prevent today’s advanced cyber-attacks.

To address these challenges, Palo Alto Networks developed a new approach: one that begins with positive security controls to reduce the attack surface; blocks all known threats; rapidly detects unknown threats through analysis and correlation of abnormal behaviour; then automatically employs advanced exploit prevention mechanisms and policies back to the front line to ensure previously unknown threats are known to all and blocked.  This approach is designed to prevent threats from penetrating an organisation and greatly reduce the need for costly human remediation.

Adding the unique Cyvera capabilities extends the Palo Alto Networks enterprise security platform to perform next-generation security functions across the network, endpoint, and the cloud.

To learn more about the Palo Alto Networks security platform:

·        Visit our website   
·        Register for the Palo Alto Networks Ignite user conference, March 31 – April 2

ENDS

Safe Harbour

This press release contains “forward-looking” statements within the meaning of Section 27A of the Securities Act and Section 21E of the Exchange Act that are based on the beliefs and assumptions of Palo Alto Networks and on currently available information. Forward-looking statements include information concerning the expectations, beliefs, plans, intentions and strategies of Palo Alto Networks relating to its pending acquisition of Cyvera.  Such forward-looking statements include statements regarding expected benefits to Palo Alto Networks, Cyvera and its respective customers; the impact of the pending acquisition on Palo Alto Networks’ competitive position; and plans regarding Cyvera and Cyvera personnel. These statements reflect the current beliefs of Palo Alto Networks and are based on current information available to Palo Alto Networks as of the date hereof, and Palo Alto Networks does not assume any obligation to update the forward-looking statements to reflect events that occur or circumstances that exist after the date on which they were made. The ability of Palo Alto Networks to achieve these business objectives involves many risks and uncertainties that could cause actual outcomes and results to differ materially and adversely from those expressed in any forward-looking statements.

There are a significant number of factors that could cause actual results to differ materially from statements made in this presentation, including the failure to achieve expected synergies and efficiencies of operations between Palo Alto Networks and Cyvera; the ability of Palo Alto Networks and Cyvera to successfully integrate their respective market opportunities, technology, products, personnel and operations; the failure to timely develop and achieve market acceptance of combined products and services; the potential impact on the business of Cyvera as a result of the acquisition; the ability to coordinate strategy and resources between Palo Alto Networks and Cyvera; the ability of Palo Alto Networks and Cyvera to retain and motivate key employees of Cyvera; Palo Alto Networks’ limited operating history and experience with integrating acquired companies; risks associated with Palo Alto Networks’ rapid growth, particularly outside the United States; rapidly evolving technological developments in the market for network security products; and general market, political, economic and business conditions.  Additional risks and uncertainties are included under the captions “Risk Factors” and “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” in the company’s quarterly report on Form 10-Q filed with the SEC on February 24, 2014, which is available on the company’s website at investors.paloaltonetworks.com and on the SEC’s website at www.sec.gov. Additional information will also be set forth in other filings that the company makes with the SEC from time to time. All forward-looking statements in this presentation are based on information available to the company as of the date hereof, and Palo Alto Networks does not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made or to update the reasons why actual results could differ materially from those anticipated in the forward-looking statements, even if new information becomes available in the future.