Cyberheist Dumps Seagate Technology, Snapchat Deep In Phishing Hole

A sprawling tax-fraud scheme duped Seagate Technology (STX) and Snapchat into dispensing thousands of W-2 forms, highlighting a major fissure in the cybersecurity industry, a Proofpoint (PFPT) representative said Thursday.

The breach exposed nearly 10,000 former and current Seagate employees, according to a statement from the data storage firm. The breach was discovered March 1 on the heels of a similar attack on photo-sharing app Snapchat. Seagate stock fell 3.5% Tuesday as the news made headlines and fell a fraction Wednesday before rising 2.2% Thursday.

Seagate confirmed the breach in an email to IBD. “The information was sent by an employee who believed the phishing email was a legitimate internal company request,” Seagate said. Released information includes Social Security numbers, birthdates and addresses of anyone employed by Seagate in 2015.

Phishing Attacks On The Rise

Phishing attacks on businesses are becoming more prevalent, Ryan Kalember, Proofpoint senior vice president of cybersecurity strategy, told IBD. He refers to it as “impostor fraud.” The W-2 attack is just the most recent iteration, he said.

Snapchat admitted to a similar attack on Feb. 28 in a blog post titled “An Apology to Our Employees.” The scammer impersonated CEO Evan Spiegel, successfully asking for payroll information. Internal systems and user information remained secure.

Both Seagate and Snapchat reported the attacks to the FBI, which recorded more than $215 million lost in phishing attacks between October 2013 and December 2014, according to a report in January. Both firms also offered two years of credit monitoring for the victims.

“When something like this happens, all you can do is own up to your mistake, take care of the people affected and learn from what went wrong,” Snapchat wrote.

Tax fraud phishing is seasonal, Kalember noted. Wire transfer requests are also popular — and thrifty — modes of generating a lot of money. Networking firm Ubiquiti Networks (UBNT) found that out the hard way last August after a phisher tricked it into wiring $46.7 million overseas.

Spear-Phishing Targets Companies

And scammers are becoming more sophisticated, says Slawek Ligier, Barracuda Networks’ (CUDA) vice president of product development. “Spear-phishing” and “whaling” involve targeting someone with either money or access.

Tricky email tactics — changing the “N” in Barracuda Networks to “M” or spoofing a CEO’s email address — tend to reap the most success, Ligier told IBD. From there, scammers indulge in a series of social engineering measures.

“They don’t want to waste their time on people who won’t fall for it,” he said. “But the scammer will really invest a lot of time and effort to slowly reel their victim in.”

Stickier yet, there are legitimate reasons to spoof a CEO’s email, Kalember says. A company will allow a third party to spoof an email — make it appear as if the email is coming from that CEO — for marketing purposes. A spoof can use any display name that the spoofer chooses.

Traditional email protection services can’t deal with spoofs, Kalember says. “Defenses are looking for malware, and they are not equipped for this,” he said. “There is no malware. There is no payload. And the tricky part is, there’s also legitimate business emails from people who need their W-2s.”

Scammers Rely On Social Engineering

Agari CEO Patrick Peterson says his privately held company aims at this problem. Cisco Systems (CSCO) IronPort business veterans (Cisco bought IronPort in 2007) founded Agari, which uses proprietary technology to filter out phishing emails, Peterson told IBD. It differs from Proofpoint, which plans this quarter to flag phishing emails in the same vein as spam and “adult content.”

“When (executives) see these stories about Seagate, I imagine they break out into a cold sweat, thinking they have no solution,” Peterson said.

Spear-phishers differ from mass phishers. The latter sends a blast email hoping to dupe a few vulnerable people. The former involves more research and relies on social engineering to persuade a target of its legitimacy.

“The best defense we have today — which is a pretty crappy one — is telling people to be careful,” he said.

At the annual cybersecurity RSA Conference last week in San Francisco, Calif., executives were most concerned about phishing scams, he said. Malware detection has become so sophisticated that scammers have been forced to rely on the weak human link. So far, it’s working.

Recent breaches of the Office of Personnel Management, Anthem (ANTM), Sony (SNE) Pictures Entertainment and Target (TGT) also began with a phishing email; they account for about 90% of all attacks, Peterson said.

“This really serves as a wake-up call to the tech industry to dig deep and find solutions,” he said. “Unfortunately, my crystal ball says we’re going to see a lot more of these notices.”

Palo Alto Networks Wins ‘Bake-Offs’ Against Cisco, Check Point

Proofpoint (PFPT) rebuffed Wall Street concerns that tech spending has slowed this quarter, Piper Jaffray analyst Andrew Nowinski wrote Monday, following last week’s 40,000-attendance cybersecurity RSA Conference in San Francisco.

Fears of a tech spending depression slugged IBD’s 25-company Computer Software-Security industry group after dismal outlooks by Tableau Software (DATA) and LinkedIn (LNKD) last month. The group hit a 20-month low on Feb. 9 but has since risen 31%.

A weak spending outlook did not play out at RSA, Nowinski and William Blair analyst Jonathan Ho wrote Monday in separate research reports.

“(Proofpoint) management said they are seeing ‘absolutely no change in the buying environment,’” Nowinski wrote. “Based on our meetings at the conference, we believe demand trends in Q1 have remained strong through the first two months of the year.”

Endpoint Pits Symantec, FireEye, IBM

Trending buzzwords include endpoint security, internal access management and privileged account management, Nowinski wrote. Symantec (SYMC), FireEye (FEYE) and IBM (IBM) (via a partnership with Carbon Black) compete in the endpoint market.

Industry tracker IDC sees endpoint security revenue reaching $4.6 billion in 2016, up 5.4% and accelerating from 2% year-over-year growth in 2015, Nowinski wrote.

Despite a marketing refresh, Symantec will struggle against “rapidly growing next-generation endpoint vendors that have demonstrated stronger solutions,” Ho predicted. FireEye, on the other hand, bolstered its threat-prevention capabilities by adding exploit detection to its endpoint.

IDC also expects internal access management revenue to reach $5.9 billion in 2016 and grow at an 8% compound annual growth rate through 2019. Within that sector, privileged account management will comprise $550 million, growing at a 10.6% CAGR over the next four years, Ho says.

CyberArk Software (CYBR) rivals Centrify in the identity access management ring, Nowinski wrote. But Centrify’s tools for securing both privileged accounts and end-user identity give it a broader portfolio than CyberArk, he wrote.

During RSA, CyberArk released a new version of its privileged threat analytics system, aimed at stopping “Golden Ticket” attacks which exploit privileged credentials in Microsoft (MSFT) domain-level administrator accounts, Ho wrote.

Ho also noted that a platform focus continues to buoy Palo Alto Networks (PANW), which he says still wins “bake-offs” against Cisco Systems (CSCO), Check Point Software Technologies (CHKP) and Juniper Networks (JNPR). But Check Point’s software-based firewall could be a game changer, he wrote.

“Check Point’s software-based firewall appears better positioned than competitors for the upcoming shift to third-party cloud architectures such as AWS (Amazon (AMZN) Web Service) and (Microsoft) Azure,” he said.

‘Spending Has Not Weakened’

Ultimately, the RSA Conference quelled concerns of slowing spending and lengthening sales cycles, Ho wrote. RSA saw 70 first-time exhibitors, giving it 500 companies at the event, and more than 20% growth from 33,000 attendees in 2015.

“We observed continued excitement over the space and a strong appetite for new solutions, consistent with prior years,” Ho wrote. “Our discussions with private and public companies suggest that the environment remains robust and that security spending has not weakened near term.”

Overall themes included the burgeoning Internet of Things market, encryption, third-party cloud security, identity/access management as-a-service, real-time visibility, next-generation endpoint security, automation/orchestration and leveraging Big Data analytics, Ho wrote.

“The conference reinforced our view that the companies best positioned to benefit from increased spending are those that offer innovative next-generation approaches that will see rapid growth in investment,” he wrote.

Customers are looking at cost, manageability and vendor consolidation, Ho wrote.

IBM To Acquire Resilient Systems, Undercut Cisco, Symantec, FireEye

Tech giant IBM (IBM) plans to undercut Cisco Systems (CSCO), Symantec (SYMC), FireEye (FEYE) and Rapid7 (RPD) by acquiring incident response firm Resilient Systems and partnering with endpoint security provider Carbon Black, the company announced Monday.

The announcement comes a week after IBM unveiled a deeper tie to No. 1 cybersecurity pure-play Check Point Software Technologies (CHKP) to pool research and integrate systems.

IBM stock was up 0.9% in morning trading on the stock market today. IBD’s 25-company Computer Software-Security industry group was down a fraction Monday as companies headed to the RSA Conference, a massive cybersecurity industry gathering that runs all week in San Francisco.

Caleb Barlow, vice president of IBM Security, described the Resilient Systems acquisition as the cornerstone of a three-prong strategy to protect, defend and respond to cyberbreaches. Per IBM policy, he wouldn’t disclose the price tag for the privately held, 100-employee company.

“This ultimately gives us the ability to expand from protecting and defending the enterprise to also being able to respond to a breach,” Barlow told IBD. “This combination of a new acquisition and the associated partnerships really make a move into the incident-response space.”

Carbon Black Has Big Share Of Endpoint Security

In conjunction with the acquisition, IBM will partner with endpoint security firm Carbon Black. Privately held Carbon Black owns 37% of the endpoint market, according to industry tracker IDC. Carbon Black’s platform will allow IBM analysts to conduct security forensics on compromised endpoint devices.

Resilient Systems will be integrated into IBM’s incident-response platform, dubbed X-Force Incident Response Services. Via X-Force, IBM will counsel clients through all parts of a cyberbreach and on ways to avoid such breaches.

Barlow likened the service to a fire drill. “Most companies don’t have good incident-response plans,” he said. “There’s a binder on the shelf for what to do in the case of a fire or what to do in the case of a flood, but not necessarily what to do in the case of a cyber incident.”

That “binder” includes pertinent leadership, disclosure and public relations keys in case of a breach, he said. IBM’s move allows the company to “pivot” from protecting and defending to responding to a breach, he says.

It’s all part of IBM’s push into the cybersecurity market. In 2015, IBM pulled in $2 billion in security revenue. That was up 12% but still accounted for only 2.4% of IBM’s total revenue of more than $81 billion, which fell 12%.

But the dollar amount topped total sales for security pure-players Palo Alto Networks (PANW), Proofpoint (PFPT), Fortinet (FTNT) and FireEye. And IBM’s security business also outgrew Symantec and Check Point.

The security unit was launched four years ago, Barlow says. Since then, it has added 7,300 employees — 1,000 last year alone — and operates in 133 countries globally.

“Imagine if that were the conversation about a Silicon Valley startup,” he said.