Tag: FireEye

Digital forensics market has five key players

The global digital forensics market is consolidated, with the top five players holding more than 40 percent of the overall market in 2016, according to a new report from Transparency Market Research (TMR).

Cisco, IBM, Guidance Software, FireEye and MSAB have taken control of the market as cyber crime soars.

This conclusion follows a review based on the findings of the Transparency Market Research report, which had the punchy title “Digital Forensics Market (Type – Computer Forensics, Network Forensics, Cloud Forensics, Mobile Device Forensics, and Database Forensics; Application – Health Care, Education, Banking, Financial Services, And Insurance (BFSI), Defense And Aerospace, Law Enforcement, Transportation And Logistics, and Information Technology) – Global Industry Analysis, Size, Share, Growth, Trends and Forecast, 2017 – 2025.”

TMR estimates that the global digital forensics market was valued at US$2.87 billion in 2016 and is anticipated to be worth US$6.65 billion by 2025, expanding at a CAGR of 9.7 percent between 2017 and 2025.

Computer forensics stood as the leading type segment in 2016; however, mobile device forensics is expected to overtake in terms of growth due to the increasing demand for mobile device applications.

The report divides the global digital forensics market into five regional segments: North America, Europe, Asia Pacific, Latin America, and the Middle East and Africa. Among these, North America, Asia Pacific, and Europe account for the major revenue contribution to the global market.

According to the report, the growth of cyber threats and attacks is the key factor driving the digital forensics market. In today’s scenario, cyber criminals are causing an unprecedented level of disruption by using IT tools as well as cloud services. These cyber criminals follow a planned approach for systematically hacking valuable information from companies, stealing customer and credit card information. The gradual increase in mobile devices that provide access to company applications and different types of data is also making it harder to safeguard information. These factors are collectively boosting the demand for digital forensics solutions.

The growth of this market is also driven by the rising complexity and sophistication of digital crimes. Cyber criminals employ a combination of sophisticated technologies to be successful in their missions. They target individuals as well as businesses, and the rewards achieved are much greater with security protocols being somewhat lax at the other end. Not only this, cyber criminals use multiple channels and mislead security with a series of attacks that draw the attention of security personnel away from the main crime site.

Increasing use of cloud-based solutions and IoT technology is also accentuating the growth of the digital forensics market, says the report. The increasing use of cloud-based technology and internet of things technology among consumers for everyday functioning is giving hackers the opportunity to target the areas of least resistance. Due to this, there is a constant threat of information leaks, posing a risk to customers’ privacy and paving the way for crime.

However, the growth of the digital forensics market is deterred by the rising complexity of mobile devices. The widespread use of mobile platforms for business has led to mobile-specific vulnerabilities, leading to the use of malware and network-based attacks to expose business data. The growth of this market is also hampered by a lack of industry regulations and professional ethics. This is compounded by factors such as inadequate training, limited resources, use of outdated equipment, and the lack of a standard protocol for examining documented digital evidence.

 

Security vendors are happy about WannaCry

Security companies have seen their share prices rise sharply amid an expected increase in spending on IT security after the WannaCry hack.

The ransomware attack that disrupted the NHS and businesses around the world has led to a boom in share prices of cybersecurity companies – even the firm used by the health service to protect it against hackers.

With governments and companies expected to increase spending on IT security after being caught out by the attack, cybersecurity firms have seen their stock market values climb sharply over the past two days.

Shares in Sophos, a cloud network security specialist which counts the NHS among its clients, have jumped by about eight percent. Of course, it had to make a few changes. The claim on the company’s website that “the NHS is totally protected with Sophos” was changed to “Sophos understands the security needs of the NHS”.

Last week, the company tweeted its “top five tips for securing NHS organisations”. But its shares have been performing well over recent months because of the increased need for cyber defences.

NCC Group added five percent to its share valuation and cyber consultancy group ECSC surged 42 percent. ISE, a fund invested in cybersecurity businesses, added nearly four percent.

All this is because corporates have suddenly woken up to the fact that they need to spend some cash on IT security and it is probably a daft idea to keep all those Windows XP machines running for the great unwashed while top execs get Microsoft Surfaces.

Sophos already gives services to the healthcare industry and is looking to increase selling to the sector in the aftermath of the attack.

FireEye’s share price has risen seven percent, Symantec’s is up more than three percent and Palo Alto Networks’ is up 2.7 percent.

The success of the WannaCry hack could make other attacks more likely in the future amid doubts over governments’ ability to secure “cyberweapons” from theft.

Dell’s SecureWorks should get a $1.42 billion IPO

Dell’s cyber security unit, SecureWorks, could be valued at up to $1.42 billion in its initial public offering, the first major US listing of a technology company this year.

SecureWorks said its offering was expected to be priced at $15.50-$17.50 per Class A share, raising as much as $157.5 million.

It is not the greatest time for SecureWorks to launch. IPO values plunged to a seven-year low in the first quarter, more than halving from a year earlier to $106.6 billion, as worries over slowing economic growth kept investors wary.

However, as far as shareholders in SecureWorks are concerned, from such a low base, things can only get better.

Several cyber security firms such as FireEye, Rapid7 and Mimecast have gone public to take advantage of growing investor interest in them after a spate of hacking attacks on companies including major banks and retailers.

However, shares of Rapid7 and FireEye are now trading way below their IPO prices. Mimecast, which jumped 20 percent on its listing day, has also slipped below its offering price.

The Wall Street Journal first reported in October that Dell, the third-largest personal computer maker, had filed confidentially for listing SecureWorks, which it bought for $612 million in 2011.

Founded in 1999, SecureWorks has 4,200 clients in 59 countries.

 

Masque attack hits Apple iOS devices

A security firm warned that a vulnerability in Apple’s operating system means apps can be replaced by malicious apps.

FireEye warned yesterday that all apps could be replaced except iOS pre-installed applications.

The company has verified the vulnerability in various versions of iOS and told Apple the problem existed as long ago as July 26. It dubbed the vulnerability Masque Attacks and warned that apps such as banking and email apps can be hacked.

Although Apple was informed months ago, no action seems to have been taken, which led FireEye to issue an urgent advice notice.

Users can protect themselves by not installing apps from third parties, other than Apple’s App Store. FireEye also warns people not to install apps from pop-ups.

And if iOS alerts you with the phrase “untrusted app developer”, don’t trust the app.

There’s more information at the FireEye page, here.

US companies take down Chinese hacker group

An alliance of US tech companies including Novetta and Microsoft has been targeting the Hikit malware and has worked out a way to disrupt the Chinese cyber espionage gang Axiom’s antics.

Dubbed Operation SMN, the coalition of security companies has apparently given the hackers a Chinese burn after it detected and cleaned up malicious code on 43,000 computers worldwide infected by Axiom.

The effort was led by Novetta and included Bit9, Cisco, FireEye, F-Secure, iSIGHT Partners, Microsoft, Tenable, ThreatConnect Intelligence Research Team (TCIRT), ThreatTrack Security, Volexity, and was united as part of Microsoft’s Coordinated Malware Eradication (CME) campaign against Hikit.

Hikit is custom malware often used by Axiom to burrow into organisations and nick data. It works quietly and evades detection, sometimes for years.

Axiom used a variety of tools to access and re-infect environments, including Derusbi, Deputy Dog, Hydraq, and others. Ludwig says they expanded the group and its scope “so that we absolutely did the best possible job of clean-up and removal” and rolled it all into a Microsoft Malicious Software Removal Tool (MSRT) released Oct. 14.

Novetta thinks that while the MSRT was comprehensive, it may be only a temporary setback for Axiom, which will just work out another way of doing the same thing.

Novetta says it has “moderate to high confidence” that Axiom is a well-resourced and well-disciplined subgroup of the state-backed “Chinese Intelligence Apparatus.”

Axiom has been found in organisations that are of strategic economic interest, that influence environmental and energy policy and that develop integrated circuits, telecommunications equipment and infrastructure.

The target organisations are often related in some way, and once Hikit has burrowed its way into a computing environment, it can create a “mini-network,” communicating laterally with other Hikit installations within the organisation or related outside groups. What makes it difficult to track is that it uses proxies and never communicates with the command-and-control server directly. Hikit talks to companies in such a way that the traffic does not look dodgy.