BENGALURU: CrowdStrike set a new speed benchmark for cybersecurity threat detection, identifying and alerting on a sophisticated eCrime adversary attack in just four minutes during the closed-book MITRE Engenuity’s ATT&CK® Evaluations: Managed Services-Round 2. CrowdStrike Falcon® Complete MDR operates at the speed of the adversary, detecting security incidents six to 11 times faster than competitive vendors while scoring the highest in detection coverage.

MITRE’s closed-book evaluation emulated a real-world eCrime attack without giving the vendors prior knowledge of the threat scenario – creating the most accurate assessment of a vendor’s capabilities. In this scenario, the prevention capabilities of the Falcon agent were not permitted and the Falcon platform was operating in detect-only mode, meaning no automated actions could be taken to kill processes. In this rigorous setting, CrowdStrike reported 42 out of the 43 adversary techniques. MITRE recorded CrowdStrike’s mean-time-to-detect (MTTD) – the average time between when a specific attack activity was performed and an email alert regarding that activity was received – at a record-breaking four minutes, setting a new benchmark for speed in threat detection.

“Stopping breaches requires security teams to operate at the speed of the adversary. The Falcon platform’s unique cloud-born, AI-native architecture with one intelligent sensor delivers the best analyst experience and the fastest, most effective cybersecurity outcomes in the industry,” said Michael Sentonas, President of CrowdStrike. “Multiple platforms and stitched-together solutions are hard to use, create operational complexity, and slow security teams down when speed matters most. This is evident in testing scenarios and even more so in real-world environments. The powerful combination of CrowdStrike’s elite team of experts, the Falcon platform, and our knowledge of the adversary is unmatched in delivering the speed and efficacy needed to stop breaches.”

The post CrowdStrike Sets Record For Fastest Threat Detection In MITRE Engenuity’s ATT&CK® Evaluations Managed Services-Round 2 appeared first on NRI News.

“Targeted cyber-physical attacks are more than zero-day exploits that take advantage of an unknown or unaddressed vulnerability. Instead, they are now also about silent residency – using LotL attacks to wait until there is an opportune moment to turn a system against itself,” said Micheal Ruiz, vice president of OT cybersecurity for Honeywell.

Now in its sixth year, the report underscores the severe risk USB-borne malware poses to industrial and critical infrastructure facilities. Key findings in the report indicate that adversaries now have a strong understanding of industrial environments and how they operate. According to the report, most of the malware detected on USB devices by Honeywell’s Secure Media Exchange could cause loss of view or loss of control of an industrial process, a potentially catastrophic scenario for operators.

“As digital transformation and automation accelerate, so does the exposure to sophisticated and malicious cyberattacks that can have devastating consequences in terms of reputation, safety, and continuity,” said Ruiz. “There are numerous ways a bad actor can infiltrate an OT environment, including through USBs. With Honeywell’s advanced end-to-end technology and deep experience, we partner with our customers to improve their ability to protect their assets and data from these threats.”

The 2024 report is based on the Honeywell Global Analysis, Research, and Defense (GARD) team’s tracking and analysis of aggregated cybersecurity threat data from hundreds of industrial facilities globally during 12 months. 

Several of the report’s additional key findings included:

• USB devices continue to be used as an initial attack vector in industrial environments, as 51% of malware is designed to spread via USB, a nearly six-fold increase from 9% in 2019.
• Content-based malware, which uses existing documents and scripting functions maliciously, is on the rise, accounting for 20% of malware.
• Over 13% of all malware blocked specifically leveraged the inherent capabilities of common documents, such as Word, Excel and PDF documents.
• 82% of malware is capable of disrupting industrial operations, resulting in loss of view, loss of control, or system outages in OT environments.

To download the full report, visit: https://hcenews.honeywell.com/CYB-2024-Threat-Report-LP.html

The post Honeywell Report Reveals “Silent Residency” Is Driving Escalating Cyber Threat For Industrial And Critical Infrastructure Facilities appeared first on NRI News.

The CRI’s Policy Pillar led efforts to counter the business model that underpins the ransomware ecosystem. This included research on cyber insurance, victim behavior, seizure and confiscation of virtual assets, ransom payments, and best practices in incident reporting and information sharing.

The Diplomacy and Capacity Building Pillar expanded the CRI’s like-minded umbrella by adding 13 new members to the coalition. The pillar also prioritized opportunities to inform potential new members about the initiative and developed tailored capacity-building opportunities to match members’ needs and requests.

The International Counter Ransomware Task Force (ICRTF), established at last year’s meeting, began developing platforms for coordinating and disrupting ransomware at an operational level. The ICRTF will continue to build upon the successes of its inaugural year by operationalizing the tools and platforms developed by its members.

The CRI’s joint policy statement declares that member governments should not pay ransoms. The initiative also created a shared blacklist of wallets through the U.S. Department of the Treasury’s pledge to share data on illicit wallets used by ransomware actors with all CRI members.

The CRI provides an opportunity to create long-term cooperative approaches and common understandings of accountability in cyberspace, consistent with international law as well as state actions as embodied in the Framework for Responsible State Behavior in Cyberspace, endorsed by all United Nations member states.

Overall, the CRI’s joint statement highlights the importance of international cooperation in combating ransomware threats and building collective resilience against future attacks.

Image Source: U.S. Department of Justice on X

The post International Counter Ransomware Initiative Releases Joint Statement to Combat Ransomware Threats appeared first on NRI News.