
Security vendors are happy about WannaCry

Security companies have seen their share prices rise sharply amid an expected increase in spending on IT security after the WannaCry hack

The ransomware attack that disrupted the NHS and businesses around the world has led to a boom in share prices of cybersecurity companies – even the firm used by the health service to protect it against hackers.

With governments and companies expected to increase spending on IT security after being caught out by the attack, cybersecurity firms have seen their stock market values climb sharply over the past two days.

Shares in Sophos, a cloud network security specialist which counts the NHS among its clients, have jumped by about eight percent. Of course, it had to make a few changes. The claim on the company’s website that “the NHS is totally protected with Sophos” was changed to “Sophos understands the security needs of the NHS”.

Last week, the company tweeted its “top five tips for securing NHS organisations”. But its shares have been performing well over recent months because of the increased need for cyber defences.

NCC group added five percent to its share valuation and cyber consultancy group ECSC surged 42 percent. ISE, a fund invested in cybersecurity businesses, added nearly four percent.

All this is because corporates have suddenly woken up to the fact that they need to spend some cash on IT security and it is probably a daft idea to keep all those Windows XP machines running for the great unwashed while top execs get Microsoft Surfaces.

Sophos already gives services to the healthcare industry and is looking to increase selling to the sector in the aftermath of the attack.

FireEye’s shares have risen seven percent, Symantec’s more than three percent and Palo Alto Networks’ 2.7 percent.

The success of the WannaCry hack could make other attacks more likely in the future amid doubts over governments’ ability to secure “cyberweapons” from theft.

Dell’s SecureWorks should get a $1.42 billion IPO

Dell’s cyber security unit, SecureWorks, could be valued at up to $1.42 billion in its initial public offering, the first major US listing of a technology company this year.

SecureWorks said its offering was expected to be priced at $15.50-$17.50 per Class A share, raising as much as $157.5 million.

It is not the greatest time for SecureWorks to launch. IPO values plunged to a seven-year low in the first quarter, more than halving from a year earlier to $106.6 billion, as worries over slowing economic growth kept investors wary.

However as far as shareholders in SecureWorks are concerned, from such a low base, things can only get better.

Several cyber security firms such as FireEye, Rapid7 and Mimecast have gone public to take advantage of growing investor interest in them after a spate of hacking attacks on companies including major banks and retailers.

However, shares of Rapid7 and FireEye are now trading way below their IPO prices. Mimecast, which jumped 20 percent on its listing day, has also slipped below its offering price.

The Wall Street Journal first reported in October that Dell, the third-largest personal computer maker, had filed confidentially for listing SecureWorks, which it bought for $612 million in 2011.

Founded in 1999, SecureWorks has 4,200 clients in 59 countries.


Masque attack hits Apple iOS devices

A security firm warned that a vulnerability in Apple’s operating system means apps can be replaced by malicious apps.

FireEye warned yesterday that all apps could be replaced except iOS pre-installed applications.

The company has verified the vulnerability in various versions of iOS and told Apple the problem existed as long ago as July 26. It dubbed the vulnerability Masque Attacks and warned that apps such as banking and email apps can be hacked.

Although Apple was informed months ago, no action seems to have been taken, which led FireEye to issue an urgent advice notice.

Users can protect themselves by not installing apps from third parties other than Apple’s App Store. It also warns people not to install apps from pop-ups.

And if iOS alerts you with the phrase “untrusted app developer”, don’t trust the app.

There’s more information at the FireEye page, here.

US companies take down Chinese hacker group

An alliance of US tech companies including Novetta and Microsoft has been targeting the Hikit malware and has worked out a way to disrupt the Chinese cyber espionage gang Axiom’s antics.

Dubbed Operation SMN, the coalition of security companies has apparently given the hackers a Chinese burn after it detected and cleaned up malicious code on 43,000 computers worldwide infected by Axiom.

The effort was led by Novetta and included Bit9, Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Tenable, ThreatConnect Intelligence Research Team (TCIRT), ThreatTrack Security, Volexity, and was united as part of Microsoft’s Coordinated Malware Eradication (CME) campaign against Hikit.

Hikit is custom malware often used by Axiom to burrow into organisations and nick data. It works quietly and evades detection, sometimes for years.

Axiom used a variety of tools to access and re-infect environments including Derusbi, Deputy Dog, Hydraq, and others. Ludwig says, they expanded the group and its scope “so that we absolutely did the best possible job of clean-up and removal” and rolled it all into a Microsoft Malicious Software Removal Tool (MSRT) released Oct. 14.

Novetta thinks that while the MSRT was comprehensive, it may be only a temporary setback for Axiom, which will just work out another way of doing the same thing.

Novetta says it has “moderate to high confidence” that Axiom is a well-resourced and well-disciplined subgroup of the state-backed “Chinese Intelligence Apparatus.”

Axiom has been found in organisations that are of strategic economic interest, that influence environmental and energy policy and that develop integrated circuits, telecommunications equipment and infrastructure.

The target organisations are often related in some way, and once Hikit has burrowed its way into a computing environment, it can create a “mini-network”, communicating laterally with other Hikit installations within the organisation or related outside groups. What makes it difficult to track is that it uses proxies and never communicates with the command-and-control server directly. Hikit shapes its communications with companies so that the traffic does not look dodgy.