More than half of Australian Enterprises Have Misplaced Confidence in their Cloud Service Providers’ Security

SYDNEY, Australia – Palo Alto Networks (NYSE: PANW), the global cybersecurity leader, released a report that uncovers the truth about the state of cloud security among large enterprises across Asia-Pacific including Australia, with many cases where perception doesn’t match the reality when it comes to securing the cloud.

Conducted by Ovum Research, the report shows that large enterprises, defined as those with more than 200 employees, are not prepared for cloud-related cybersecurity threats, and more importantly, make the assumption that public cloud is secure by default. In fact, 56 per cent of security decision-makers in large Australian enterprises believe that security provided by their cloud service providers is sufficient to protect them from cloud-based cyber threats.

“Organisations need to recognise that cloud security is a shared responsibility,” said Sean Duca, vice president and regional chief security officer, Asia-Pacific and Japan at Palo Alto Networks. “While cloud providers are responsible for the security of their infrastructure, the onus is on companies themselves to secure their data and applications stored in that infrastructure.”

Large Organisations Have Many Security Tools, but Lack a Unified View of Security

Among the Australian companies surveyed, 52 per cent operate with more than 10 security tools to secure their cloud. However, having numerous security tools creates a fragmented security posture, adding further complexity to managing security, especially if the companies are operating in a multi-cloud environment. The multi-cloud approach creates a dangerous lack of visibility that is prevalent in 69 per cent of large organisations in Australia, according to Ovum.

The report highlights the ubiquity of multi-cloud deployments in large organisations, which calls for a unified view of all cloud-native services. It recommends that organisations have a central console that uses technologies such as artificial intelligence to help prevent known and unknown malware threats and to quickly remediate accidental data exposure when it arises.

Large Organisations Lack Cloud Security Audits and Training

The need for automation is further underscored by the study, which revealed that large enterprises do not have enough time and resources to dedicate to cloud security audits and training.

87 per cent of organisations have either never conducted a security audit or do not do it on a yearly basis. Furthermore, more than a quarter of audits do not include cloud assets and 79 per cent of organisations conduct internal audits only. Besides audits, there is also inadequate cloud security training for both IT and non-IT staff. More than two thirds (68 per cent) of Australian organisations do not provide cybersecurity training to IT security employees on a yearly basis. It is, therefore, not surprising that staff outside of IT departments receive even less training – 86 per cent of non-IT professionals do not receive cybersecurity training on a yearly basis.

Despite organisations’ inability to provide more frequent audits and security training for IT teams and employees, it is encouraging to see 37 per cent of Australian organisations surveyed use threat intelligence and analytics to identify new threats and take necessary action. A further 16 per cent of Australian organisations have also equipped themselves with real-time threat monitoring capabilities.

In order to be truly secure in cloud environments, it is pertinent for organisations in Asia-Pacific to be cognisant of cloud security best practices, which include:

  • Building security into the cloud environment from the get-go; security should be an enabler to accelerate cloud adoption.
  • Developing consistent security policies across all types of cloud deployments, which can be implemented properly through the help of tools that provide a unified view of all cloud assets and the threats they face.
  • Allowing for frictionless deployment and easy scalability in multi-cloud environments, bridging the gap between highly controlled security teams and highly agile development teams.
  • Increasing audits and training for employees, both IT and non-IT.
  • Automating threat intelligence with natively integrated, data-driven, analytics-based approaches (leveraging machine learning/artificial intelligence) to avoid human error.

Learn More

  • The ‘Asia-Pacific Cloud Security Study’ report features analysis and best practices that can be implemented to help companies in Asia-Pacific protect themselves from cloud-based threats.

Note to Editors

The survey was conducted amongst 500 respondents from various vertical industries of large businesses with over 200 employees across five countries in Asia-Pacific. There were 100 respondents per country in Australia, China, Hong Kong, India and Singapore.

The companies surveyed needed to have 200+ employees and all had to be using public cloud as a minimum. The respondents to the survey ranged from owners to business directors and C-level executives, all of whom had to be either the final decision-maker or influencer when it came to the organisations’ cloud strategy.

For more information on Palo Alto Networks cloud security offerings, visit https://www.paloaltonetworks.com/cloud-security.

###

About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks introduces Demisto v5.0

Reimagined features deliver customisable and scalable security enhancements

 

Palo Alto Networks has announced new enhancements to its comprehensive Security Orchestration, Automation, and Response (SOAR) platform, Demisto. Demisto v5.0 enables security analysts to tailor the way they visualise incident and indicator flows, allowing security teams to better manage and automate incident response.

 

Key updates to Demisto v5.0 include:

  • Reimagined User Interface
    • Brand new UI that streamlines global navigation while also enhancing the delivery of information within each incident
  • Enhanced Threat Intelligence
    • Access rich indicator intelligence from integrated sources and take action in a scalable manner
  • Database Scaling
    • Install the Demisto app server and databases on separate machines. Multi-tier configurations let you scale your environment and manage resources efficiently
  • SOAR on the fly
    • Chat support in the mobile application lets you update relevant stakeholders on the go, and notifications can be managed from the web app, with updates delivered by email, Slack, Mattermost, or the mobile app

 

Rishi Bhargava, VP Product Strategy, Demisto, a Palo Alto Networks company, comments: “Demisto v5.0 is packed with new features suggested to us by our community of customers, partners, and independent users. We’ve also introduced changes that facilitate improved load management and scaling of resources, ensuring that organisations are secure irrespective of the pace at which they grow.

“Back in 2015 we recognised that security teams wilt under dual pressures every day: an ever-increasing volume of security alerts, and insufficient resources to address these alerts. Over the past four years, our customers have seen us as the only platform that has combined security orchestration, incident management, and real-time collaboration to make their lives easier. Automating as much as possible hands time back to security teams to investigate, learn and improve, and sometimes just take a deep breath. Since joining forces with Palo Alto Networks, we have accelerated our go-to-market and made inroads into use cases outside of traditional security operations.”

Demisto v5.0 is available today for both enterprise customers and community users. For more information, please visit https://blog.paloaltonetworks.com/2019/10/cortex-demisto-v5-soar/.


Palo Alto Networks, Demisto, and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.

SOURCE Palo Alto Networks, Inc.

Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub

Sydney, Australia – Cybersecurity solutions provider Palo Alto Networks has announced the integration of RedLock and VM-Series for AWS Security Hub, a new security service from Amazon Web Services.

Palo Alto Networks helps organisations move their applications and data to AWS with inline, API-based and host-based protection technologies that work together to minimise risk of data loss and business disruption.

Building on native AWS security capabilities, these protection technologies integrate into the cloud application development lifecycle, making cloud security frictionless for development, security and compliance teams.

AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status by aggregating, organising and prioritising alerts, or findings, from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie as well as from other APN security offerings.

The findings are then visually summarised on integrated dashboards with actionable graphs and tables.

Customers can use these collaborative efforts to help verify that their applications and data are secure.

  • RedLock integration: RedLock by Palo Alto Networks further protects AWS deployments with cloud security analytics, advanced threat detection and compliance monitoring. RedLock continuously collects and correlates log data and configuration information from AWS Config, AWS CloudTrail, Amazon Virtual Private Cloud (Amazon VPC) flow logs, AWS Inspector and Amazon GuardDuty to uncover and send security and compliance alerts to the AWS Security Hub console. The RedLock integration with AWS Security Hub provides additional context and centralised visibility into cloud security risks, allowing customers to gain actionable insights, identify cloud threats, reduce risk and remediate incidents, without impeding DevOps.

 

  • VM-Series integration: The VM-Series next-generation firewall complements AWS security groups by first reducing the attack surface through application control policies, and then preventing threats and data exfiltration within allowed traffic. The VM-Series integration with AWS Security Hub uses an AWS Lambda function to collect threat intelligence and send it to the firewall as an automatic security policy update that blocks malicious activity. As the IP address information changes, the security policy is updated without administrative intervention.

Palo Alto Networks public cloud security products and engineering senior vice president Varun Badhwar says, “The Palo Alto Networks product integrations help customers verify that their users, applications, and data are secure through a single pane of glass.

“The RedLock integration allows customers to monitor advanced threats due to common cloud misconfigurations, stolen credentials, and malicious user and network activities, while the VM-Series integration automates policies to block malicious activity.”

“With more businesses moving to the cloud, it’s critical that the alert data they receive provides them with actionable insights to successfully combat cyber attacks.”

New Zealand utility bolsters security posture, cost savings, and productivity gains with Palo Alto Networks

Palo Alto Networks® (NYSE: PANW), the next-generation security company, announced that The Lines Company Ltd, which owns and operates an electricity distribution network on the North Island of New Zealand, moved to the Palo Alto Networks Next-Generation Security Platform as part of a comprehensive revitalisation of its IT infrastructure. The Lines Company’s previous environment relied on firewalls that were complex to manage and failed to protect the utility from today’s cyberthreats. The decision to use Palo Alto Networks slashed network bandwidth consumption by 40 percent, improved IT staff productivity, and helped the company to avoid $50,000 in software upgrades.

Palo Alto Networks gives The Lines Company a completely different approach to network security. Within the previous environment, more than 100 security infections were discovered during a proof-of-concept deployment, requiring over 200 hours in staff time to remediate. URL Filtering from Palo Alto Networks reduced network bandwidth consumption by 40 percent. The Lines Company also streamlined rules management using App-ID™ and User-ID™ technologies, shaving the number of rules it manages by 30 percent.

QUOTE

  • “The visibility we have with the Palo Alto Networks Next-Generation Security Platform is amazing. We have virtually eliminated security infections. Our security risk posture is tenfold what it was before we migrated to Palo Alto Networks. A combination of a great product coupled with an effective business partner, Network Service Providers, has allowed TLC to realize significant security and operational gains.” – Andy Simpson, Head of Information Technology, The Lines Company Ltd

Two Palo Alto Networks next-generation firewalls were placed in a redundant configuration in The Lines Company’s two data centres to allow for high availability services to critical 0800 phone services and user services. The company’s SCADA network is also protected by separate Palo Alto Networks next-generation firewalls. The Next-Generation Security Platform includes Threat Prevention for inspecting and stopping cyberthreats that move laterally across the networks, and Palo Alto Networks WildFire,™ a cloud-based threat analysis service. It also provides URL Filtering (PAN-DB) that keeps protections synchronized across the attack lifecycle with the latest threat intelligence on phishing and malware sites. Additionally, the technology includes GlobalProtect™ network security for endpoints that protects the mobile workforce against cyberattacks, evasive application traffic, malicious websites, command-and-control traffic, and both known and unknown threats.

About The Lines Company

The Lines Company owns and operates the electricity distribution network in the King Country region of New Zealand’s North Island. The distribution area covers 13,700 km² and is one of the largest network areas in New Zealand with no major urban centre. This makes TLC a specialist in providing power to out-of-the-way places, from the iron sands of the west coast to the highest points in the North Island of New Zealand (the Turoa and Whakapapa skifields on Mount Ruapehu). As well as keeping power flowing to homes and businesses in the region, TLC also provides a full range of electrical contracting services. Several hydro generation schemes are also owned and operated by TLC.

About Palo Alto Networks

Palo Alto Networks is the next-generation security company, leading a new era in cybersecurity by safely enabling applications and preventing cyber breaches for tens of thousands of organisations worldwide. Built with an innovative approach and highly differentiated cyberthreat prevention capabilities, our game-changing security platform delivers security far superior to legacy or point products, safely enables daily business operations, and protects an organisation’s most valuable assets. Find out more at www.paloaltonetworks.com.

Palo Alto Networks, WildFire, Traps, Panorama, GlobalProtect and the Palo Alto Networks logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Palo Alto Networks research shows new twist on old cyberattack method targeting mobile devices

Palo Alto Networks® (NYSE: PANW), the next-generation security company, today revealed details of a new “BackStab” attack used to steal private information from mobile device backup files stored on a victim’s computer. A white paper from the company’s Unit 42 threat intelligence team explains how cyberattackers are using malware to remotely infiltrate computers and execute BackStab attacks in an unprecedented fashion.

Used to capture text messages, photos, geographic location data, and almost any other type of information stored on a mobile device in their possession, BackStab has been employed by law enforcement and cyberattackers alike. The Unit 42 white paper shows how BackStab attacks have evolved to leverage malware for remote access and why Apple® iOS devices have been a primary target for attacks, as the default settings in iTunes® store unencrypted backup files in fixed locations and automatically sync devices when they are connected to a user’s computer.

Quote

“Cybersecurity teams must realise, just because an attack technique is well-known, that doesn’t mean it’s no longer a threat. While conducting our research into BackStab attacks, we gathered over 600 malware samples from 30 countries around the world that were used to conduct remote BackStab attacks.”

– Ryan Olson, director of threat intelligence, Unit 42, Palo Alto Networks

Recommendations

  • iOS users should encrypt their local backups or use the iCloud backup system and choose a secure password.
  • Users should upgrade iOS devices to the latest version, which creates encrypted backups by default.
  • When connecting an iOS device to an untrusted computer or charger via a USB cable, users should not click the “Trust” button when the dialogue box is displayed.

Download the white paper at:

https://www.paloaltonetworks.com/resources/research/unit42-backstab-mobile-backup-data-under-attack-from-malware.html

Subscribe to Unit 42 research updates at

http://researchcenter.paloaltonetworks.com/unit42/

Learn more about Unit 42, the Palo Alto Networks threat intelligence team, at https://www.paloaltonetworks.com/threat-research.html

###


Palo Alto Networks appoints Sean Duca as Vice President & Regional Chief Security Officer for Asia Pacific

June 16, 2015 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, has announced the appointment of Sean Duca as Vice President & Regional Chief Security Officer (CSO) for Asia Pacific.

Duca, who is based in Sydney, Australia, will be responsible for the development of threat intelligence security best practices and thought leadership for Palo Alto Networks in the region. This includes strengthening security initiatives and maintaining good channels of communications and support for Palo Alto Networks’ customers across Asia Pacific. Sean also will be a key addition to the Palo Alto Networks Threat Intelligence team, Unit 42, actively contributing to an APAC perspective on the latest findings of cyber threats.

With more than 17 years of experience in the IT security space, Duca is widely recognised as a thought leader in the technology industry. He has provided expert guidance and advice to the Australian government around online safety issues, and on cybersecurity matters to the public and private sector within Asia Pacific.

QUOTES:

· “I am delighted to welcome Sean to Palo Alto Networks. Sean is recognised as a trusted advisor in the IT security space and has extensive knowledge on threat intelligence and security best practices within Asia Pacific. With his wealth of experience and knowledge, Sean will be an excellent addition to the team, helping to further bolster our position in the Asia Pacific market and better serve the growing needs of enterprises across various industries in the region.”
– Rick Howard, Chief Security Officer, Palo Alto Networks

· “Palo Alto Networks is a disruptive player in the Asia Pacific enterprise security market, being acknowledged as a trailblazer by analyst houses and industry experts and owing much of its momentum to its unique and innovative next-generation security platform. I look forward to helping further strengthen Palo Alto Networks’ position as a leader in the region by engaging directly with customers and industry organisations about today’s cybersecurity challenges, threat intelligence and related topics.”
– Sean Duca, Vice President & Regional Chief Security Officer (CSO) for Asia Pacific.

Prior to joining Palo Alto Networks, Duca spent 15 years with Intel Security, most recently as the company’s Chief Technology Officer for Asia Pacific. In this role he was responsible for improving and driving the company’s solution strategy and technology vision and steered the development of Intel Security’s reference architectures in close collaboration with customers and partners across the region. Prior to this, Duca held managerial roles at the company with a focus on technology management and sales engineering. Before Intel Security, he was involved in software development, technical support and consulting services for a range of Internet security solutions.

 

About Palo Alto Networks
Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content. Find out more at www.paloaltonetworks.com.


Palo Alto Networks reveals discovery of unprecedented iOS and OS X malware

Research spotlights new malware family distributed through trojanised and repackaged Apple OS applications

Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, has announced discovery of a new family of Apple OS X and iOS malware exhibiting characteristics unseen in any previously documented threats targeting Apple platforms. This new family, dubbed WireLurker, marks a new era in malware across Apple’s desktop and mobile platforms, representing a potential threat to businesses, governments and Apple customers worldwide.

Among its defining characteristics, WireLurker represents:

  • the first known malware family that can infect installed iOS applications similar to how a traditional virus would
  • the first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning
  • only the second known malware family that attacks iOS devices through OS X via USB
  • the first malware family to automate generation of malicious iOS applications through binary file replacement.

WireLurker malware was discovered by Claud Xiao of Unit 42, the Palo Alto Networks threat intelligence team, and detailed in a report, “WireLurker: A New Era in OS X and iOS Malware.”


Palo Alto Networks expands global distribution agreement with Westcon Group

Premier value-added distribution network to provide worldwide push for industry’s fastest-growing enterprise security platform

August 29, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, and Westcon Group, the value-added distributor of security, unified communications, network infrastructure, and data centre solutions, have announced that the companies have expanded their global distribution agreement. The deal opens up new markets throughout the world for the industry’s fastest-growing enterprise security platform, empowering resellers using highly integrated global distribution capabilities.

Palo Alto Networks and Westcon Group have held regional distribution relationships for several years. As teams and processes align at a global level, the companies will soon do business in more than 40 countries. Over the next few years, Palo Alto Networks and Westcon Group will invest in every theatre to take advantage of shared momentum, providing resellers access to a full technology ecosystem and more efficient global business operations.

Quotes:

 · “Palo Alto Networks has been an important partner in our Security Practice,” said Dolph Westerbos, Chief Executive Officer, Westcon Group. “Unifying our relationship globally just makes sense. This provides our reseller and service provider partners with a broader and more consistent security portfolio around the world, and leverages Westcon’s technical and market expertise to drive new revenue.”

· “For years, Westcon Group has been a valuable ally to Palo Alto Networks,” said Mark McLaughlin, Chairman and Chief Executive Officer, Palo Alto Networks. “We are pleased to have now a major worldwide distribution partner committed to shared success in a global market hungry for a true next-generation enterprise security platform.”

For more:

· read about today’s announcement on the Palo Alto Networks partners blog

· visit Palo Alto Networks at www.paloaltonetworks.com

· visit Westcon Group at www.westcongroup.com

· visit Westcon Group on Facebook and LinkedIn.

 

ABOUT WESTCON GROUP
Westcon Group, Inc. is the value-added distributor of security, unified communications, network infrastructure, and data centre solutions. The company’s teams create unique programs and provide exceptional support to accelerate the business of its global partners. Strong relationships at every level of the Westcon Group organisation enable partners to receive support tailored to their needs. From global logistics and flexible customised financing solutions to pre-sales, technical and engineering assistance, the company works with partners to respond with agility and speed to changing market conditions so they can achieve the fastest time to revenue. Westcon Group’s portfolio of market-leading vendors includes: Cisco, Avaya, Polycom, Check Point, F5, Blue Coat and Palo Alto. For more information, please visit www.westcongroup.com.


 

Palo Alto Networks unveils security risks in Android Internal Storage

New research shows potential for attack in more than 94 per cent of popular Android mobile applications

 August 28, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, has presented new research highlighting security risks in the internal storage used by applications on Google Android devices. More than 94 per cent of popular Android applications are potentially vulnerable.

Android Internal Storage is a protected area that Android-based applications use to store private information, including usernames and passwords. But as Palo Alto Networks research reveals, an attacker may be able to steal sensitive information from most of the applications on an Android device using the Android Debug Bridge (ADB) backup/restore function. In addition, most of the security enhancements added by Google to prevent this type of attack can be bypassed.

Key details:

  • anyone using a device running version 4.0 of Android – about 85 per cent of Android systems in use today – is potentially vulnerable
  • to use ADB, an attacker would need physical access to the device, whether borrowing or stealing it from the user; an attacker could also take control of a system to which the device is connected via USB
  • more than 94 per cent of popular Android applications, including pre-installed email and browser applications, use the backup system, meaning users are vulnerable
  • many Android applications will store user passwords in plain text in Android Internal Storage, meaning almost all popular e-mail clients, FTP clients and SSH client applications are vulnerable
  • Google has set the default for applications to allow back-ups; application developers are responsible for disabling the feature or otherwise restricting backups; however, the high percentage of applications that have not disabled or restricted backups suggests many developers are unaware of the risks.

Palo Alto Networks recommends Android users disable USB debugging when not needed, and application developers protect Android users by setting android:allowBackup to false in each Android application’s AndroidManifest.xml file or restricting backups from including sensitive information using a BackupAgent.
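
As an added illustration of the developer-side recommendation above (not code from Palo Alto Networks or the Unit 42 research), this Python example classifies an application's backup exposure from its AndroidManifest.xml. It assumes the manifest has already been decoded to text XML; the sample manifests, package names and status labels are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespace that carries the android:* attributes in AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifests (hypothetical packages), already in text form.
SAMPLES = {
    "default": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mailclient">
  <application android:label="Mail"/>
</manifest>""",
    "explicit_true": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sshclient">
  <application android:allowBackup="true"/>
</manifest>""",
    "disabled": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.banking">
  <application android:allowBackup="false"/>
</manifest>""",
    "agent": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application android:allowBackup="true"
               android:backupAgent=".NotesBackupAgent"/>
</manifest>""",
    "resource_ref": """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.ftpclient">
  <application android:allowBackup="@bool/allow_backup"/>
</manifest>""",
}


def _android_attr(elem, name):
    """Return the value of android:<name> on elem, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def audit_backup(manifest_xml):
    """Classify the backup exposure declared by one manifest.

    Status values (labels chosen for this example):
      disabled            allowBackup is explicitly "false"
      exposed-by-default  attribute absent, so the platform default applies
      exposed-explicit    allowBackup is explicitly "true", no BackupAgent
      agent-review        backups allowed but filtered by a BackupAgent,
                          whose code must be reviewed for sensitive data
      unresolved          value is a resource reference; resolve it first
    """
    root = ET.fromstring(manifest_xml)
    result = {
        "package": root.get("package", "<unknown>"),
        "allow_backup": None,
        "backup_agent": None,
    }
    app = root.find("application")
    if app is None:
        result["status"] = "no-application-element"
        result["needs_action"] = False
        return result

    raw = _android_attr(app, "allowBackup")
    agent = _android_attr(app, "backupAgent")
    result["allow_backup"] = raw
    result["backup_agent"] = agent

    value = raw.strip().lower() if raw is not None else None
    if value == "false":
        status = "disabled"
    elif value not in (None, "true"):
        status = "unresolved"          # e.g. "@bool/allow_backup"
    elif agent:
        status = "agent-review"
    elif value is None:
        status = "exposed-by-default"  # missing attribute means backups on
    else:
        status = "exposed-explicit"

    result["status"] = status
    # Only an explicit "false" needs no follow-up by the developer.
    result["needs_action"] = status != "disabled"
    return result


def audit_all(manifests):
    """Map each sample name to its audit status."""
    return {name: audit_backup(xml)["status"] for name, xml in manifests.items()}


if __name__ == "__main__":
    for name, xml in SAMPLES.items():
        r = audit_backup(xml)
        print("%-14s %-24s %s" % (name, r["package"], r["status"]))
```
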

Read full technical details regarding the announcement on the Unit 42 research blog.

Quote

  • “We encourage users to be aware and Google to take a closer look at this storage weakness in Android. Given Android’s place as the world’s most popular mobile operating system, millions of users are potentially at risk.” – Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks

About Palo Alto Networks

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats. Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today’s dynamic computing environments: applications, users, and content. Find out more at www.paloaltonetworks.com.

Palo Alto Networks uncovers new source of cyberthreats targeting businesses

23 July 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, has revealed that cyber criminals in Nigeria have evolved common malware campaigns to infiltrate businesses that have not previously been their primary targets.

419 Evolution, a new report released today from Unit 42, the Palo Alto Networks threat intelligence team, explains how Nigeria-based scammers are now using the same tools more sophisticated criminal and espionage groups often deploy to steal business-critical data from enterprises.

Nigerian criminals are infamous for running easily-spotted “419” phishing scams that attempt to collect credit card details or personal information from individuals, but over the past few years have expanded their skills to target businesses using more advanced techniques. Palo Alto Networks researchers discovered these activities and techniques, code-named Silver Spaniel, using WildFire, which rapidly analyses cyberthreats in a cloud-based, virtual sandbox environment.

Key research takeaways:

  • Among other techniques, Nigerian criminals use Remote Administration Tools (RATs) available through underground forums, including commercial RATs such as NetWire, that provide complete control over infected systems
  • Attacks similar to Silver Spaniel in the past may have come from Eastern Europe or a hostile espionage group; businesses haven’t traditionally dedicated resources to these potentially impactful spammers from Nigeria
  • Traditional antivirus programs and legacy firewalls are ineffective because Silver Spaniel attacks are specifically designed to evade those technologies

Quote: “These Silver Spaniel malware activities originate in Nigeria and employ tactics, techniques and procedures similar to one another. The actors don’t show a high level of technical acumen, but represent a growing threat to businesses that have not previously been their primary targets.” — Ryan Olson, Unit 42 Intelligence Director, Palo Alto Networks

To protect against the NetWire RAT, Palo Alto Networks has released a free tool to decrypt and decode command and control traffic and reveal data stolen by Silver Spaniel attackers, available at https://github.com/pan-unit42/public_tools.

Palo Alto Networks launches a new era in threat intelligence

Unit 42, the Palo Alto Networks threat intelligence team, is made up of accomplished cybersecurity researchers and industry experts. Unit 42 gathers, researches and analyses up-to-the-minute threat intelligence, sharing insights with Palo Alto Networks customers, partners and the broader community to better protect organisations.

Unit 42 focuses on the technical aspects of attacks, as well as the context in which they are launched, helping all members of the business community, from CEOs to security practitioners, better understand who is executing attacks and why.

To learn more:
Download 419 Evolution, the latest research report from Unit 42, visit the Unit 42 homepage and read the Unit 42 blog for additional insights from the threat intelligence team.

ENDS

Palo Alto Networks and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.