Ciberataques a través de Google Sheets: Una nueva amenaza de espionaje

En el cambiante panorama de la ciberseguridad, los ciberdelincuentes están constantemente buscando nuevas formas de explotar vulnerabilidades y llevar a cabo sus actividades maliciosas. Recientemente, se ha descubierto una novedosa campaña de malware que utiliza Google Sheets, una herramienta de colaboración en línea ampliamente utilizada, como mecanismo de mando y control (C2). Esta campaña,…

Proofpoint 4° User Group Italia

Mercoledì 6 Giugno – 4° Proofpoint User Group Impara a pensare come un vero cybercriminale Ciao, raramente scrivo di cose non strettamente personali ma questo è un evento che, a parte il fatto che ci sarò, vale la pena davvero di condividere. Proofpoint Italia annunzia per Mercoledì 6 Giugno il prossimo (il 4°) Users Group, che vedrà i partecipanti cimentarsi nei panni di un hacker al mattino…

View On WordPress

Threat Actor Targets Recruiters With Malware

Proofpoint has warned recruiters of a skilled threat actor targeting them with emails designed to deploy malware. TA4557 is a financially motivated threat actor known to distribute the More_Eggs backdoor, which is designed to establish persistence, profile the targeted machine and drop additional payloads. Throughout 2022 and most of 2023 the actor has been replying to open job listings on…

View On WordPress

Cybersecurity Awareness: Tips for Protecting Information and Managing Risk

Contributed by Proofpoint, Fairfield University's email firewall vendor

Why Varying Your Passwords Is So Important

Passwords have long been considered a simple but effective way to protect equipment, data, and networks. But as we continue to use more and more devices, applications, and systems, the simplicity is fast being lost. With several devices and dozens of online services used daily — many of which are likely to have varying password policies — it can be next to impossible to keep track of our logins.

People cope with the sheer number of passwords they have in several ways. Unfortunately, the most common — and riskiest — approach is to reuse passwords. Why is this so dangerous? Because the loss of one password for one account — perhaps through malicious software, a phishing email, or a data breach on a website — could cascade into the loss of multiple accounts.

How might that happen? Let's say you use the same password for a social media account that you use for your email. Let's also say that hackers break into the social media site and steal all of the passwords there. Using special tools, these hackers can quickly tie passwords to users and users to email addresses. Once that happens, your accounts can be reset by the hackers and fall under their control.

Tips for Protecting Your Information

If you don’t already, the first order of business is to use a unique, strong password for each important site. An important site is one that houses or gives you access to sensitive data:

Banking, e-commerce, and other money-related information (e.g., credit card or checking accounts)

Confidential personal information (e.g., federal tax filings, medical or insurance accounts)

Private communications (e.g., work or personal emails, social networking) 

It's OK to reuse passwords for unimportant sites, such as for news sites, general message boards, or other sites in which you don’t reveal any personal data. But for important sites, unique and complex logins are a must.

The second thing you can do is to write down important passwords and keep them safe. It goes without saying that any list of this kind needs to be kept private and secure. Options include writing your passwords down and storing them in a safe place in your house (e.g., a lockable drawer), or using a password manager application on your smartphone (which, naturally, should be secured with a PIN).��

Bottom Line: Manage Your Risk

So, how do you decide if a site is important or not? Think about the potential damage if a hacker gained access to your password and the data protected by that password. If a compromised password could result in significant damage — in terms of identity theft, stolen money, or loss of sensitive or confidential information from your workplace — that is an important site and you need a unique, private password for that account. 

Proofpoint Buys Deception Tech Startup Illusive Networks

Proofpoint Buys Deception Tech Startup Illusive Networks

Home › Cyberwarfare Proofpoint Buys Deception Tech Startup Illusive Networks By Ryan Naraine on December 12, 2022 Tweet Enterprise security vendor Proofpoint on Monday announced plans to acquire Illusive Networks, a startup that helped pioneer deception technology to help detect data breaches. Financial terms of the planned acquisition were not disclosed. Illusive Networks, a Series B startup…

View On WordPress

the fact this happened after the him vs it discourse (widely spread on twt btw)

https://twitter.com/LOUIESTREAM/status/1702075734833987892?t=RZZZh3lmmWClFjgS19iCAQ&s=19

the face he did afterwards like is he annoyed to say "it" or is he annoyed about the forceful "him". Ngl, from the 2nd half of the NA leg until now, almost every crowd does say Love him so... what are your thoughts Jen?

anon 2: U gotta roll ur eyes - the people making a big deal ALL OVER THE INTERWEBZ of Louis supposedly singing “I love him” (as if Harry is the only him, ever btw) are now offended he made a point of singing (screaming?) the “it” today. Not really sure what they expected? Oh wait, I do (him to profess his undying love for a certain curly headed c- on stage) but not happening, not today, not next year, and actually I would put money on neverrr

I think their best bet is on any declarations is from Harry, but only under sad circumstances hopefully decades from now and nothing beyond a few sentences

----------------

I feel like "him" was the original lyric (much like running from the bullshit is the original--and far superior!--lyric on SOTT), so far all we know, cross-faded Louis Tomlinson is just out there, going with v1, but also? I feel like you reap what you sow, and he wants zero larry associations, so I'm sure he was like, oh shit, okay, whoops. But also also? Yeah, there's more than one him in this world, and there's a lot of yoyo action in his real life, so for all we know, that's a clue to a deeper situation than larr nation wants to venture into

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

Source: https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html

More info: https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

Excerpt from this story from Canary Media:

Cleaning up the grid will require installing a lot of batteries to store renewable energy. Startup Element Energy has delivered a powerful proofpoint for a new way to do that more cheaply without sacrificing safety.

Element has been operating what appears to be the largest grid storage plant in the world composed of previously used electric vehicle batteries, co-founder and CEO Tony Stratakos told Canary Media last week. The 53 megawatt-hour project, which is located in West Texas at a wind farm owned by mega-developer Nextera Energy Resources, came online in May, but the startup is going public with the information now for the first time.

Previously, the largest second-life grid battery that Canary Media had reported on was B2U Storage Solutions’ project in Lancaster, California, which has grown to 28 megawatt-hours.

Element got its hands on a warehouse full of modules taken out of used EV battery packs, all in various states of health after their time pushing different cars around. The startup repackages them into containers operated by its proprietary hardware and software, which fine-tune commands at the cell level, instead of treating all the batteries as a monolithic whole. This enables the system to get more use out of each cell without stressing any so much that they break down or — worst-case scenario for a battery plant — cause a fire.

Element Energy is technically the battery vendor to the power plant’s owner. So far, no company has publicly taken credit for buying this innovative system from Element and installing it, though a Department of Energy grant announcement for the project describes it as a joint pursuit with Nextera, which happens to own the wind farm location where the batteries were installed.

Since Element isn’t in the business of power plant development, its strategy relies on leveraging the success of this first major installation to convince more storage developers to buy its lower priced, refurbished grid batteries instead of the brand-new variety.

Venture capitalists have doubled down on that strategy, handing Element a $72 million Series B last November, alongside a $38 million debt facility from Keyframe Capital. That followed a $15 million Series A in 2019. Stratakos also revealed that his company finalized a partnership with LG Energy Solution Vertech, the grid storage branch of one of the major global lithium-ion manufacturers. That much bigger company — which previously invested in Element through its venture arm — will take Element’s battery enclosures and supply the inverters and auxiliary equipment needed to make a turnkey power plant. LG will also provide operations and maintenance, alleviating the risks associated with buying a long-term grid asset from a young startup.

OpenAI は、マルウェアのデバッグと開発、誤った情報の拡散、検出の回避、およびスピア フィッシング攻撃の実行のために、AI を活用したチャットボット ChatGPT を悪用する 20 以上の悪意のあるサイバー操作を妨害しました。 この報告書は年初からの作戦に焦点を当てており、攻撃的なサイバー作戦を強化するために生成型主流AIツールが使用されていることを初めて公式に確認したことになる。 このような活動の最初の兆候は、 4 月に Proofpoint によって報告され 、TA547 (別名「Scully Spider」) が最終ペイロードである Rhadamanthys 情報窃盗用に AI で作成された PowerShell ローダーを展開しているのではないかと疑っていました。 先月、 HP Wolf の研究者は、 フランスのユーザーをターゲットにしたサイバー犯罪者が AI ツールを使用して、複数段階の感染チェーンの一部として使用されるスクリプトを作成していると確信を持って報告しました。 で OpenAI による最新のレポート は、ChatGPT の悪用が確認されており、中国とイランの脅威アクターが作戦の有効性を高めるために ChatGPT を利用している事例が示されています。

OpenAI、脅威アクターが ChatGPT を使用してマルウェアを作成していることを確認

L’affondamento dello yacht del magnate britannico Mike Lynch comincia a evidenziare alcuni dettagli che alimentano seri sospetti sui contorni della morte sua, del boss della Morgan Stanley, Johnatan Bloomer, del loro avvocato di fiducia e delle rispettive mogli nelle acque di Porticello a Palermo. Non è certo un dettaglio che ben sei agenti speciali britannici si siano precipitati sul posto per capire – o per coprire? – quello che è accaduto.

In primo luogo c’è la morte, appena quattro giorni fa, del numero due dell’azienda di Lynch, Stephen Chamberlain, investito mentre faceva jogging a Stretham, in Gran Bretagna. Chamberlain lavorava come direttore operativo per la società di sicurezza informatica Darktrace, legata al magnate Lynch.

In secondo luogo Lynch era uno squalo della finanza soprattutto nel settore sensibilissimo della cybersicurezza e dunque anche della cyberwar. E in questo settore i punti di contatto con il mondo dell’intelligence e del lavoro sporco sono innumerevoli.

[...]

Darktrace, azienda di sicurezza informatica fondata dal magnate britannico Mike Lynch – una delle sei persone disperse nel naufragio avvenuto ieri a Porticello, nei pressi di Palermo – ha rapporti consolidati con l’intelligence israeliana. Darktrace è ben nota ai servizi segreti internazionali, italiani compresi, ma ha stretti rapporti, in particolare, con quelli israeliani che, secondo una fonte interpellata da “Agenzia Nova”, hanno utilizzato i sistemi dell’azienda britannica per individuare alcuni dei massimi dirigenti di Hamas.

Lynch, noto anche come il “Bill Gates britannico”, ha avuto un ruolo importante nella nascita di Darktrace. La società, infatti, è stata fondata nel 2013 a Cambridge, da matematici ed esperti di difesa informatica di Invoke Capital, altra impresa di proprietà proprio di Lynch.

[...]

’estate scorsa Darktrace aveva presentato sul mercato Heal, il suo nuovo strumento che sfrutta l’intelligenza artificiale per facilitare la fase cosiddetta di “incident response”, ovvero la capacità di rilevare e gestire gli attacchi informatici in modo da ridurre al minimo i danni, i tempi di recupero e i costi totali.

Lo scorso primo marzo l’azienda ha annunciato la nascita di Darktrace Federal, una nuova divisione al servizio del Dipartimento della Difesa degli Stati Uniti, della comunità di intelligence, delle agenzie civili federali e delle infrastrutture critiche nazionali per rafforzare le loro capacità di proteggersi dagli attacchi cyber.

In Darktrace Federal lavorano esperti in materia di sicurezza ed ex membri dell’intelligence statunitense che hanno guidato le operazioni informatiche presso la Cia e fornito assistenza all’Agenzia per la sicurezza nazionale (Nsa) e al Pentagono. Un annuncio che non sorprende, ma che anzi conferma la stretta vicinanza fra l’azienda fondata da Lynch e la comunità internazionale dell’intelligence.

È notizia dello scorso 26 aprile, invece, l’acquisizione di Darktrace da parte del fondo d’investimento statunitense Thoma Bravo per 5,32 miliardi di dollari. La trattativa era iniziata nel 2022 ma aveva subito una battuta d’arresto a causa di una serie di difficoltà nei negoziati fra le dirigenze delle due aziende. Thoma Bravo ha visto l’acquisizione come un’opportunità per rafforzare la propria esposizione nel mercato della sicurezza informatica: d’altronde, il fondo Usa possiede già diverse aziende che operano nel comparto, come Sophos, Proofpoint, Ping Identity e SailPoint.

Per Darktrace, invece, l’acquisizione potrebbe rappresentare un’opportunità di crescita e innovazione: un’operazione “win-win” come si dice in questi casi. Non sempre, tuttavia, sono filati lisci i rapporti fra le società legate a Lynch e gli Stati Uniti. L’imprenditore britannico, infatti, lo scorso giugno era stato scagionato – non senza sorprese – da un tribunale di San Francisco dalle accuse di frode e falso in bilancio presentate da Hewlett Packard. Lynch, infatti, aveva venduto al colosso statunitense del settore high tech, Autonomy, altra società informatica da lui fondata ma era stato accusato di aver gonfiato il valore della società prima della transazione.

Una vicenda che durava da ben 13 anni, quella del contenzioso fra Lynch ed Hewlett Packard che, tuttavia, si era conclusa nel migliore dei modi per l’imprenditore britannico che in questi giorni si stava godendo una vacanza con la famiglia in Italia. La vacanza, però, ha assunto toni decisamente drammatici in seguito del naufragio in Sicilia dello yacht che ospitava, complessivamente, 22 persone.

[...]

Privacy Tip #358 – Bank Failures Give Hackers New Strategy for Attacks

Hackers are always looking for the next opportunity to launch attacks against unsuspecting victims. According to Cybersecurity Dive, researchers at Proofpoint recently observed “a phishing campaign designed to exploit the banking crisis with messages impersonating several cryptocurrencies.” According to Cybersecurity Dive, cybersecurity firm Arctic Wolf has observed “an uptick in newly registered…

View On WordPress

Image Credits: Proofpoint American enterprise cybersecurity company Proofpoint has announced the plan to establish a new data centre in Singapore in 2025. Announced at GovWare 2024, it will enable customers to comply with the country’s local data residency regulations The facility will provide AI-powered cybersecurity solutions to protect against ransomware, business email compromise (BEC), and social engineering threats. Proofpoint’s senior vice president, George Lee, said that as Singapore confronts a complex threat landscape driven by cloud adoption, remote work, and digitalisation, the focus is on providing human-centric cybersecurity solutions. With the surge in data generation and the tightening of data residency regulations, protecting sensitive information becomes crucial, said Lee. “As cyberattacks become sophisticated, businesses must adopt multi-layered, cloud-native security to protect both people and data from emerging threats, while ensuring that information remains securely within the country,” he added. The Singapore data centre will be Proofpoint’s 28th globally, following the launch of an Australian data centre in 2023. This also signals ongoing investment in the Asia Pacific region. Proofpoint has expanded its presence in Singapore since 2010, with around 70 employees currently based there.

AI-Generated Malware: Are We Ready for the Next Wave of Cyber Threats?

Artificial Intelligence (AI) is reshaping every facet of our digital world—driving innovation, automating processes, and, unfortunately, amplifying cyber threats.

Among the most concerning developments is the rise of AI-generated malware. Yes, malware crafted by AI itself, which takes the complexity and danger of cyberattacks to unprecedented levels. As cybercriminals leverage AI to create more advanced, evasive, and damaging attacks, organizations must ask themselves a critical question: Are we truly prepared for this next wave of cyber threats?

The Rise of AI in Cybercrime

AI has revolutionized cybersecurity, empowering defenders with smart algorithms that can identify anomalies, predict attacks, and react in real time. But cybercriminals, ever-adaptive and opportunistic, are using the same technology for nefarious purposes. AI-generated malware is the latest and most dangerous tool in their arsenal. With AI’s help, malware can be written faster, be more resilient to detection, and adjust its behavior dynamically to avoid traditional defenses.

This isn’t speculative fiction; it’s happening now. In April 2024, cybersecurity firm Proofpoint identified a Chinese cyberespionage group, TA547 (Scully Spider), using AI to develop PowerShell loaders for malware chains. Similarly, HP Wolf Security uncovered AI-generated malware scripts targeting users in France in September of the same year. These are no isolated incidents; the threat landscape is rapidly evolving.

AI-Generated Malware: What Makes It So Dangerous?

AI-generated malware is alarming for several reasons. First, AI can automate much of the manual work traditionally required to create malware. Previously, a hacker would need deep technical expertise to craft malicious code. Today, with AI-powered tools like ChatGPT, anyone with basic programming knowledge can request code that replicates harmful functionalities. This lowers the barrier to entry for cybercriminals and increases the frequency and sophistication of attacks.

Second, AI-generated malware is often polymorphic, meaning it can change its signature to evade detection systems. Traditional antivirus programs rely on signature-based detection, which becomes obsolete against constantly evolving threats. By using AI to dynamically alter the malware’s code, cybercriminals can effectively bypass defenses that have been used for years.

Moreover, AI-driven cyberattacks aren’t just limited to malware. Phishing campaigns powered by AI are becoming increasingly convincing, using natural language processing to craft highly personalized and targeted emails. These AI-generated messages can be indistinguishable from legitimate communications, making them all the more dangerous.

Real-World Examples: The Threat Is Already Here

The implications of AI in cybercrime are not theoretical. One of the most significant cases involves the Chinese cyber-espionage group Sweetspecter, which was documented using AI-powered reconnaissance to identify vulnerabilities. They launched spear-phishing attacks against Asian governments and even targeted OpenAI itself, sending malicious ZIP files disguised as customer support requests. Once opened, the files triggered a malware infection chain, unleashing a sophisticated Remote Access Trojan (RAT).

Even more worrying is how AI-generated malware is targeting critical infrastructure. In another case, the Iranian group CyberAv3ngers used ChatGPT to identify default credentials for industrial routers and PLCs (programmable logic controllers). These devices control vital manufacturing and energy infrastructure, highlighting the devastating potential of AI-assisted cyberattacks.

Are We Ready to Defend Against AI-Driven Attacks?

The rise of AI-generated malware signals a pivotal moment for the cybersecurity industry. Traditional security measures—firewalls, antivirus software, even human-driven threat analysis—are becoming increasingly inadequate against this new breed of cyber threat. AI has changed the game, and defenders must respond in kind by embracing AI-powered cybersecurity solutions.

The future of cyber defense lies in adopting advanced AI-driven tools that can analyze vast amounts of data, detect anomalous behavior, and adapt as threats evolve. For example, AI can identify when a piece of malware is attempting to alter its signature or evade detection, enabling faster response times and more robust defenses.

Organizations must also invest in next-generation Security Operations Centers (SOC) that use AI to monitor, detect, and respond to threats in real-time. These AI-powered SOCs can process huge volumes of data, identify patterns, and mitigate risks before they escalate into full-blown attacks. With AI on both sides of the battlefield, it’s critical for defenders to leverage the same technology as cybercriminals—if not more effectively.

Conclusion

ESDS SOC Services to Defend Against the Future

With the increasing trend of cybercriminals using AI to create sophisticated malware and frame a phishing scam, the best course of action would be to combat that threat with the same cutting-edge technology. Businesses will have to take up AI-driven cybersecurity measures in order to stay in the advanced stage of combating threats. ESDS Software Solutions has provided an advanced SOC driven by AI and gives assurance to businesses to defend against AI-generated malware, phishing attacks, and other cyber threats.

The ESDS SOC services continuously monitor your surroundings through machine learning and analytics to detect threats early before they can cause damage. Our AI Security Operations Center secures your system against unidentifiable malware and phishing emails generated by AI. ESDS gets your organization even better prepared for a future where AI-driven cyber threats are at an all-time high through continuous real-time threat detection, automated responses, and a proactive defense strategy.

Are you ready for the future change in cybersecurity? This is where ESDS SOC comes to your rescue to save your digital assets from AI-based cyber threats.

Proofpoint names Jerome Jullien as new EMEA channel chief

http://securitytc.com/TGBxqJ

Proofpoint Signs Definitive Agreement to Acquire Normalyze

Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform aiming to address the full spectrum of data security challenges across today’s complex data landscape October 29, 2024 – SUNNYVALE, Calif. – Proofpoint Inc., a leading cybersecurity and compliance company, today announced it has entered into a definitive agreement to acquire Normalyze, a leader in Data…

KI-gesteuerte Plattform schützt vor einer Vielzahl von Bedrohungen

Ein führendes Unternehmen für Cybersecurity hat die Funktionen seiner Plattform verbessert. Sie bietet unter anderem Schutz vor Bedrohungen in Social-Media-, Messaging- und SaaS-Anwendungen sowie vor Daten- und Identitätsdiebstahl. Proofpoint, ein führendes Cybersecurity- und Compliance-Unternehmen, hat heute die Erweiterung der Funktionen seiner preisgekrönten Plattform bekannt gegeben, um seinen Kunden eine breitere, adaptive und auf den Menschen ausgerichtete Sicherheitskontrolle zu bieten. Die neuen Lösungen und Integrationen schützen Unternehmen vor Bedrohungen in Messaging-, Collaboration- und Social-Media-Anwendungen, beschützen SaaS-Anwendungen und Identitäten in einer Vielzahl von Anwendungen, verhindern Datenverluste durch intelligente, adaptive Datensicherheit und leiten Mitarbeiter mit adaptiven Sicherheitsanweisungen zu sicherem Verhalten an. Leistungsstarke KI-gesteuerte Plattform für die auf den Menschen ausgerichtete Sicherheit Die neuen Funktionen, die heute auf der Protect-Konferenz des Unternehmens vorgestellt wurden, setzen einen neuen Standard für den Umgang von Unternehmen mit menschlichen Risiken, indem sie zwei wichtige proprietäre Plattformkomponenten nutzen: Proofpoint Nexus, eine Kombination aus KI, Verhaltens- und Bedrohungserkennung, die Risiken identifiziert und mindert, sowie Proofpoint Zen, eine Reihe von Technologien, die erstklassigen, umfassenden Schutz bieten, während Menschen mit E-Mail, Kollaborationsanwendungen, dem Internet und Daten arbeiten. Zusammen bieten sie eine integrierte, kohärente Erfahrung, die sowohl Endnutzern als auch Sicherheitsexperten einen Schutz bietet, bei dem der Mensch im Mittelpunkt steht. „Von Ransomware über Business Email Compromise bis hin zu Datenverlusten – die schädlichsten Cyberrisiken haben alle mit Menschen und ihren Identitäten zu tun“, sagt Sumit Dhawan, Chief Executive Officer bei Proofpoint. „Aber das menschliche Risiko ist schwer in den Griff zu bekommen, da wir alle mit E-Mail, Collaboration-Anwendungen, der Cloud und dem Internet arbeiten, was mit den Risiken neuer Bedrohungen, des Identitätsdiebstahls und einer Gefährdung von Daten einhergeht. Proofpoint hat Pionierarbeit auf dem Gebiet der menschzentrierten Sicherheit geleistet und definiert diese nun neu, indem wir bisher unzusammenhängende Prozesse und Technologien in einer einzigen Plattform zusammenführen, um neue digitale Kanäle zu schützen, das Unternehmensrisiko zu senken und die Benutzer jeden Tag in Echtzeit besser zu unterstützen.“ Gezielte Bedrohungen über alle Messaging-, Collaboration- oder Social-Media-Plattformen hinweg stoppen Bedrohungsakteure nutzen zunehmend digitale Kanäle wie Slack, Microsoft Teams, Zoom und LinkedIn, um Phishing-Angriffe zu starten und Menschen dazu zu verleiten, persönliche Informationen preiszugeben oder bestimmte Aktionen auszuführen, z. B. Geld zu überweisen oder sensible Unternehmensdaten weiterzugeben. In den letzten drei Jahren sind laut Proofpoint die URL-Bedrohungen per E-Mail um 119 Prozent und per SMS um 2.524 Prozent in die Höhe geschnellt. Basierend auf branchenführenden Bedrohungsdaten und der neuen ZenWeb-Browsererweiterung von Proofpoint bietet Proofpoint Collab Protection fortschrittlichen Echtzeit-Bedrohungsschutz. Damit werden bösartige URLs blockiert, die mittels irgendeiner Messaging-, Collaboration- oder Social-Media-Anwendung übertragen werden, und sie kann in Google Chrome, Microsoft Edge, Apple Safari oder jedem Chromium-basierten Unternehmensbrowser eingesetzt werden. Durch den Einsatz von Nexus TI (Threat Intelligence) profitieren Kunden von einer kollektiven Verteidigung, die ein Netzwerk von Tausenden der kritischsten Organisationen weltweit schützt. Schutz von SaaS-Anwendungen und Verhinderung von Account-Hijacking mit Proofpoint Posture Management Unternehmensidentitäten ermöglichen es Mitarbeitern, problemlos mit Microsoft 365, GenAI, Cloud-Speicher- und Collaboration-Anwendungen zu arbeiten. Bedrohungsakteure haben jedoch erkannt, diese zu nutzen, um Ransomware-Angriffe zu starten, Cloud-Konten zu übernehmen und Daten zu exfiltrieren. Laut Daten von Proofpoint waren fast alle Unternehmen (96 %) Ziel von Hackerangriffen auf Cloud-Accounts, und mehr als die Hälfte von ihnen hat solche bereits selbst erlebt. Darüber hinaus war bei der Hälfte der gehackten Konten die Multi-Faktor-Authentifizierung (MFA) aktiviert. Dies zeigt, dass unsichere Anwendungen – sowohl vom Unternehmen bereitgestellte als auch Schattenanwendungen – ein wertvolles Sprungbrett für Angreifer sind, um Cloud-Konten von Unternehmen zu übernehmen. Die Proofpoint Nexus Plattform bildet die Verbreitung von Benutzeridentitäten und gängige Angriffspfade ab und erkennt Anomalien bei der Konfiguration und Zugriffen, um unbefugten Zugang und die Übernahme von Cloud-Konten zu verhindern. Dies hilft Sicherheitsexperten zu verstehen, wo sich ein Konto befindet und ob es aufgrund seiner Berechtigungen, der Daten, mit denen es verknüpft ist, oder seiner guten (oder schlechten) Sicherheitskonfiguration ein Risiko darstellt. Basierend auf dem Status und dem Risiko einer Identität gibt Proofpoint Posture Management Empfehlungen und führt Konfigurationen zur Verbesserung durch. Datenschutz und Reduzierung von Insider-Risiken durch intelligentere, adaptive Kontrollen und bewussten GenAI-Schutz Die Identifizierung von Insider-Bedrohungen ist eine Herausforderung, die dazu führt, dass interne Untersuchungen nur reaktiv durchgeführt werden: Cybersicherheits-Administratoren konzentrieren sich auf Benutzer mit hohem Risiko, wie Mitarbeiter, die das Unternehmen verlassen bzw. an einer Leistungsverbesserungsmaßnahme teilnehmen, oder Auftragnehmer, erst nachdem sie auf ihr potenzielles Risiko für das Unternehmen aufmerksam gemacht wurden. Adaptive Information Protection von Proofpoint ermöglicht Sicherheitsteams einen proaktiven Ansatz beim Management von Insider-Risiken. Die Verantwortung der Sicherheitsanalysten verlagert sich von der Erstellung manueller Richtlinien auf die Automatisierung von Reaktionen in Bezug auf riskantes Benutzerverhalten. Dadurch können die Analysten effizienter arbeiten. Da GenAI-Tools am Arbeitsplatz allgegenwärtig sind, um Aufgaben wie das Zusammenfassen von Besprechungsprotokollen, das Umformulieren von E-Mails oder das Schreiben von Code zu erledigen, können unvorsichtige oder unbeabsichtigte Handlungen geschäftskritische Informationen wie PII (Persönlich identifizierbare Informationen), Quellcode und andere Unternehmensinformationen preisgeben. Einige dieser Informationen sind mit herkömmlichen DLP-Tools nur schwer zu identifizieren und zu schützen. Proofpoints neues „GenAI Intent Protection“ und „GenAI Instant Editing“ helfen Unternehmen, die Nutzung von GenAI zu ermöglichen und gleichzeitig strukturierte und unstrukturierte Unternehmensdaten vor Offenlegung zu schützen. Die Lösung klärt Endanwender auf und führt über Compliance-Benachrichtigungen zu Verhaltensänderungen bei der Interaktion mit GenAI-Tools. Vom Sicherheitsbewusstsein zur nachhaltigen Verhaltensänderung Herkömmliche Programme zur Förderung des Sicherheitsbewusstseins, die sich auf die Einhaltung von Vorschriften konzentrieren, sind nicht in der Lage, Risiken des menschlichen Handelns zu verringern und die Mitarbeiter zu sichereren Verhaltensweisen anzuleiten. Tatsächlich zeigen Untersuchungen, dass die meisten Mitarbeiter (68 %) wissentlich riskante Verhaltensweisen an den Tag legen, obwohl 99 Prozent der Unternehmen über ein Security Awareness Programm verfügen. Proofpoint entwickelt seine Security-Awareness-Lösung weiter, um Unternehmen dabei zu unterstützen, Sicherheitsvorfälle durch eine echte Verhaltensänderung und den Aufbau einer starken Sicherheitskultur zu reduzieren. ZenGuide von Proofpoint (ehemals Proofpoint Security Awareness Training) ermöglicht es schlanken Sicherheitsteams, personalisierte Lernpfade zu automatisieren und zu skalieren, die auf dem individuellen Risikoprofil, dem Verhalten und der Rolle einer Person basieren. Es nutzt das Wissen über die Risiken von Personen im gesamten Proofpoint-Ökosystem, um relevante Interventionen bereitzustellen, die Security-Spezialisten aufbauen und risikoreiches Verhalten reduzieren. Dies ermöglicht es Unternehmen, über Compliance-getriebene Programme hinauszugehen und gezielte, kontextbezogene Schulungen anzubieten, die auf spezifische Risiken und Verhaltensweisen abzielen. Allgemeine Verfügbarkeit: - Collab Protection von Proofpoint wird voraussichtlich im ersten Halbjahr 2025 weltweit verfügbar sein. - Posture Management von Proofpoint wird voraussichtlich im ersten Quartal 2025 weltweit verfügbar sein. - Die neue Adaptive Information Protection von Proofpoint wird voraussichtlich im September 2024 verfügbar sein. - Der neue erweiterte GenAI-Schutz von Proofpoint wird voraussichtlich im ersten Quartal 2025 verfügbar sein. - ZenGuide von Proofpoint ist bereits weltweit verfügbar, die neuen Funktionen zur Einbindung von Mitarbeitern werden im ersten Quartal 2025 verfügbar sein.     Passende Artikel zum Thema Lesen Sie den ganzen Artikel