Enjoying Wonderful World: Palo Alto Networks

Showing posts with label Palo Alto Networks. Show all posts

August 16, 2024

Palo Alto Networks Rolls Out Secure AI by Design Portfolio

Availability of industry’s first AI-powered cybersecurity solutions to defend against AI threats, safeguard models, and enable controls and visibility

What: Palo Alto Networks is making available to customers its Secure AI by Design product portfolio, aiming to secure organizations' GenAI usage and development of enterprise AI applications by providing visibility, control, and protection specific to AI, addressing new risks and threats. As businesses increasingly integrate AI, the portfolio enables them to confidently build and use AI-powered apps, while also prioritizing the integrity of AI security frameworks from development to deployment.

Why: The need for securing AI applications has become increasingly important as businesses continue to integrate AI and LLMs into their operations. With employees adopting AI applications at a rapid pace and organizations across various industries gaining a competitive edge through AI-powered applications, the Secure AI by Design portfolio aims to securely enable AI deployments.

While the promises of AI are significant, it's essential to acknowledge the associated risks with equal emphasis in order to realize its full potential. Bad actors are using AI to ramp up the scale of attacks, so it is important that organizations are proactive in their defense.

How: Organizations will be equipped to create a secure AI ecosystem that prioritizes the integrity of AI security frameworks from development to deployment. Businesses can fully harness the potential of AI without compromising security through the following use cases:

Securely enable GenAI applications: With the growing trend of employees using GenAI apps for business purposes, AI Access Security enables organizations to use AI tools with confidence. It gives security teams full visibility, application and data access controls, and continuous data risk monitoring.

Fortify AI supply chain: Businesses must be aware and rectify against possible risks. With Prisma Cloud AI Security Posture Management (AI-SPM), organizations can secure their AI ecosystem by identifying vulnerabilities and misconfigurations in models, applications and resources. It improves compliance and minimizes data exposure, thus improving the integrity of your AI security framework.

Protect enterprise AI applications: It is critical for organizations to see every component of their AI app ecosystem— including AI applications, models, inference and training datasets. AI Runtime Security is designed to help solve this, and protect against evolving zero-day and AI-specific threats, such as data leakage from AI models and applications, and safeguard models from misuse and attacks.

When: To start the roll out, AI Runtime Security is now available on Google Cloud and will be available later in August on Amazon Web Services (AWS) and Microsoft Azure. AI-SPM and AI Access Security are already available.

Additional Information: Learn more about our Secure AI by Design portfolio, read our latest blogs on AI Runtime Security and AI-SPM. Explore Precision AI by Palo Alto Networks, which powers our cybersecurity platforms and solutions.

August 2, 2024

Over 70% of Filipino industrial organisations experienced an OT attack in 2023—Palo Alto Networks

Palo Alto Networks, the global cybersecurity leader, has published its State of OT Security: A Comprehensive Guide to Trends, Risks, and Cyber Resilience report. The report surveyed 1,979 operational technology (OT) and IT business leaders across 23 countries globally, including 51 leaders in the Philippines, to understand the trends, risks, and cyber resilience strategies within OT environments, offering insights into the challenges faced by organisations across the globe.

In Philippines, over 70 % of industrial organizations experienced cyber attacks in their OT environments in the past year
38 out of 51 organisations agreed that AI will be key to stopping OT attacks

Industrial operations are increasingly under regular and widespread cyberattacks, forcing operational shutdowns which result in lost revenue and significant remediation costs. At the same time, operators face increased compliance requirements as well as new risks posed by their adoption of new technologies and processes, including AI, remote access, cloud, 5G, and robotics. As a result, industrial operators are increasingly conscious of the need to adapt cybersecurity to the new demands of the day.

The report’s key findings reveal a concerning landscape in OT security:

Industrial operations are at high risk of cyberattacks – Industrial operations were once believed to be immune to cyberattacks given their air-gapped systems, legacy assets, proprietary technologies, and fragmented end markets. This is no longer the case. 76.5% of the Filipino respondents stated that their organizations had experienced at least one cyberattack in the past year. Equally alarming is the frequency of these attacks, with about half (48.7%) of the respondents experiencing attacks often monthly or weekly.

Cyberattacks can shut down local OT operations – The impact of these attacks has been significant, with 23.1% of Filipino organisations needing to shut down industrial operations in the last year due to a successful attack. This dangerous state of affairs is driving industrial operators to increasingly focus on security for their OT environments, with more than 70.6% of Filipino respondents considering it a high priority, and more than half (56.9%) expecting to increase spending on OT cybersecurity in the next two years.

Friction between OT and IT is a challenge – Despite the urgency, there remains a disconnect between OT and IT teams, hindering coordinated responses to threats. When asked to describe the relationship between OT and IT, more than half (54.9%) stated that it was either siloed or frictional, with only 17.6% answering that their teams are aligned. Furthermore, only 37.3% of respondents reported shared responsibility for OT cybersecurity purchase decisions between the two teams. This disparity is due to the historical roles of both teams, with IT traditionally being in charge of company-wide security, while OT has historically focused on industrial operations.

AI is a double-edged sword – AI has already caught the attention of industrial operators, but the judgement on its value is split between fear of AI-enabled attacks and demand for AI-enabled protection. The survey found that 70.6% of respondents in the Philippines identified AI attacks against OT as a critical issue today, but 4 out of 5 also agreed that AI will be key to stopping OT attacks.

The move to cloud will reinforce OT security – AI is not the only new technology making its way into OT environments, with operators also getting ready to implement cloud solutions, among others. The report found that 92.2% of organizations in the Philippines believed the move to cloud will reinforce OT security. However, 64.7% of them also stated it would create increased cybersecurity challenges in the next two years.

Zero Trust is the North Star – The report also underscores the criticality of embracing a Zero Trust approach to OT security, with over 80% of industrial respondents endorsing it as the right strategy. However, deployment rates remain relatively low, with just over 20% having fully implemented Zero Trust solutions for their OT/IT environments.

Oscar Visaya, Country Manager, Philippines at Palo Alto Networks, said, "The growing attacks on industrial operators highlight the urgent need for proactive risk mitigation and system resilience. As industrial operations undergo digital transformation in the AI era, traditional security measures are inadequate against advanced cyber threats. AI-driven defenses must be adopted to quickly analyze large data sets and detect patterns of impending threats, often before an attack occurs. Further, close collaboration between IT and OT teams is essential to ensure a unified and effective approach to cybersecurity.”

For more information,please visit: https://www.paloaltonetworks.com/network-security/zero-trust-ot-security.

Click to read more:

State of OT Security report

Blog post: Palo Alto Networks Surveys the State of OT Security

July 14, 2023

Android Malware Disguised as ChatGPT Apps Targeting Smartphone Users : Palo Alto Networks Unit 42 Research

Palo Alto Networks, the global cybersecurity leader, has recently found a surge in Android malware that is pretending to be the popular AI Chatbot ChatGPT. The malware emerged following the release of OpenAI's GPT-3.5 and GPT-4, targeting users interested in using the ChatGPT tool.

A Meterpreter Trojan disguised as a "SuperGPT" app and a "ChatGPT" app are found to send premium-rate text messages, resulting in charges for the victims that are pocketed by threat actors. Considering that Android users can download applications from various sources other than the official Google Play store, there is potential for users to obtain applications that have not been vetted by Google.

Key findings include:

● Impersonation of ChatGPT: A new android malware has emerged, disguising itself as ChatGPT. This surge coincided with the release of OpenAI's GPT-3.5 and GPT-4, targeting users interested in ChatGPT.

● Meterpreter Trojan: The malware includes a Meterpreter Trojan disguised as a "SuperGPT" app. It enables remote access to infected Android devices upon successful exploitation.

● Certificate Attribution: The digital code-signing certificate used in the malware samples is associated with an attacker identified as "Hax4Us." The certificate has been used across multiple malware samples.

● SMS to Premium-Rate Numbers: A cluster of malware samples, masquerading as ChatGPT-themed apps, sends SMS messages to premium-rate numbers in Thailand. These numbers incur charges for the victims, facilitating scams and fraudulent activities.

----------------------------------

About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyberthreats, so organizations can embrace technology with confidence. We provide next-gen cybersecurity to thousands of customers globally, across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021 and 2022), Comparably Best Companies for Diversity (2021), and HRC Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

May 4, 2023

World Password Day: May the cyberforce be with you?

The invention of passwords in the 1960s changed the digital world as we know it. Passwords are now an unconscious standard practice in our lives; from your first pet to the street you grew up on, they are deeply ingrained in our minds. Passwords today are the primary guardians of our privacy, personal data, and finances.

Despite this knowledge, passwords are often viewed complacently, even though simple, easy-to-guess passwords are insecure. Your dog’s name, spouse’s name, birthdate, and other words and phrases related to your life that are easily discoverable on your social media profiles are easy for attackers to discover.

While the onus of ensuring security and protecting data does lie on the companies that collect and store this data, there is quite a bit consumers can do on their end to secure their credentials. World Password Day 2023 is driven by the purpose of raising awareness about the importance of strong passwords and encouraging individuals and organizations to take steps to improve their password security. With the increasing prevalence of cyberattacks and data breaches, it is more important than ever to use strong and unique passwords to protect our online accounts and personal information.

Based on research, 91% of people know that using the same password on multiple accounts is a security risk, yet 66% continue to use the same password anyway. Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks, provides simple but effective measures to make passwords the primary guardian of your personal and professional

● Set guidelines for passwords that prevent password spraying: Ensure long passwords with a good mix of different character types—letters, numbers, and special characters. An 8-character password is easier to guess by a computer than a 16- or 24-character password.

● Avoid vulnerable passwords that are easily guessed or already compromised. If you go and Google ‘commonly used passwords," you’ll see a list that any attacker uses when trying to guess passwords. If there is a default password on an internet-facing device or even internally. Change it ASAP!

● Avoid reusing passwords: Everyone hates remembering passwords; some great options are using the passphrase options. We can use it to create unique passwords that are easy to remember. Be wary of password managers; several have been hit recently, and some of them multiple times. But they can also be an option.

● Require password updates at set frequencies: This is a pain, but consider it the standard operating procedure for business risk reduction. It doesn’t take that long to do and helps secure the organization if a set of credentials is stolen or phished somehow.

● Use multi-factor authentication methods: If a password is stolen or guessed, no matter how hard you’ve tried to be unique, having other methods to confirm it is you trying to get to a resource or a web service you use is vital. Many different cloud, security, and operating system vendors have a multi-factor authentication app that you can install on your phone to link to almost every website that supports it.

By taking these steps, individuals and organizations can help improve their password security and protect their online accounts and personal information. Learn more about how to create a stronger cybersecurity posture with an intelligent, automated, artificial intelligence (AI)-driven security operations center by checking out Palo Alto Networks’ World Password Day webinar.

----------------------------------

About Palo Alto Networks

Palo Alto Networks is the world’s cybersecurity leader. We innovate to outpace cyber threats so that organizations can confidently embrace technology. We provide next-gen cybersecurity to thousands of customers globally across all sectors. Our best-in-class cybersecurity platforms and services are backed by industry-leading threat intelligence and strengthened by state-of-the-art automation. Whether deploying our products to enable the Zero Trust Enterprise, responding to a security incident, or partnering to deliver better security outcomes through a world-class partner ecosystem, we’re committed to helping ensure each day is safer than the one before. It’s what makes us the cybersecurity partner of choice.

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC's Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

April 2, 2023

Palo Alto Networks warns of travel-related scams to watch out for this Holy Week

Holy Week is one of the peak travel seasons in the Philippines. The Civil Aviation Authority anticipates two million passengers to fly domestically to observe the holiday. With this many prospective Filipinos travelling simultaneously, there is expected to be fierce competition for travel tickets and bookings and good deals through online travel agents and apps. Meanwhile, scammers see this as an opportunity to be exploited, particularly through social engineering and phishing. Attackers target individuals and groups during this time as individuals are focused on family time and religious practice, and organizations have lesser manpower for security. In response, Palo Alto Networks, the global cybersecurity leader, shares insights and solutions to address this increasing cyber risk during Holy Week.

“We’ve seen time and time again how scammers capitalize on people’s eagerness to travel as well as their desire to travel affordably,” said Steven Scheurmann, Regional Vice President, ASEAN, at Palo Alto Networks. “The travel industry is especially attractive for scammers as it is a huge source of sensitive and personal data, including stolen usernames, emails, and passwords, as well as customer data such as identity, payment, and contact information, which means both travellers and travel companies need to be very cautious.”

According to Palo Alto Networks, some of the most common travel-related scams include:

● The use of malicious domains and URLs that impersonate well-known brands and websites.

● Phishing emails/SMS/WhatsApp texts to end users to trick them into either downloading malicious attachments or APK files or clicking on links that lead to malicious website pages or attachments. Threat actors use themes that invoke a sense of urgency (such as outstanding invoices) or emotional appeal to the end users with homecoming-themed emails as we approach Eid).

● Offering a “shadow travel agency” service, they reach out to travellers through various social media platforms, providing travel-related bookings at heavily discounted prices. While travellers transfer clean money to the “shadow travel agency,” the “shadow travel agency” pays the actual service providers, such as hotels or airlines, with stolen payment information. Due to the time gap in payment processing, service providers only realize they have been defrauded when they see the disputed card transactions or chargebacks weeks or months later.

Meanwhile, organizations must implement security awareness training to improve employees’ ability to identify fraudulent emails, ensure that their organization’s data is regularly backed up as a defense against ransomware attacks initiated via phishing emails, enforce multi-factor authentication on all business-related logins as an added layer of security, and implement an end-to-end cybersecurity solution that allows for advanced URL filtering that detects unknown, newly malicious URLs quickly, identifies known samples as malware, and tracks related malware activities.

“Scammers and attacks may affect the individual traveller, major travel corporations, as well as small travel agents and operators—which means everyone needs to stay vigilant in implementing ways to avoid these threats. As Filipinos travel to celebrate Holy Week and spend time with their families, they must also remain aware and cautious of malicious actors to stay safe amid the holidays,” closed Steven.

----------------------------------------------------

About Palo Alto Networks

At Palo Alto Networks, we’re committed to bringing together the very best people in service of our mission, so we’re also proud to be the cybersecurity workplace of choice, recognized among Newsweek’s Most Loved Workplaces (2021), Comparably Best Companies for Diversity (2021), and HRC's Best Places for LGBTQ Equality (2022). For more information, visit www.paloaltonetworks.com.

March 23, 2023

Ransomware Attacks in the Philippines surge by almost 60% in 2022, New Report from Palo Alto Networks Unit 42 Finds

The report reveals insights into the latest tactics of ransomware gangs; financial, geographical, and industry impacts based on data gathered from Unit 42 investigations.

MANILA, PHILIPPINES—Palo Alto Networks found that ransomware and extortion cases in the Philippines increased by 57.4% in 2022 with 11 reported cases across key sectors. Threat actors are utilizing more aggressive tactics to pressure organizations, with harassment being involved 20 times more often than in 2021, according to Unit 42™ incident response cases.

This harassment is typically carried out via phone calls and emails targeting a specific individual, often in the C-suite, or even customers, to pressure them into paying a ransom demand. The 2023 Unit 42 Ransomware and Extortion Report shares insights compiled based on findings from Unit 42’s incident response work from approximately 1,000 cases throughout the past 18 months.

● The Philippines took up the 4th spot in Southeast Asia, alongside Malaysia, with 11 reported ransomware attacks and a 57.4% surge, accounting for around 12% of the attacks in the region

● Manufacturing, Professional & Legal Services, and State & Local Governments remained the most targeted sectors in the Philippines

● The Philippines trailed behind Thailand (28), Singapore (18), and Indonesia (14), in the list of the most attacked countries, and was ahead of Vietnam (9).

● The total number of ransomware attacks in APAC increased by 35.4% to 302.

● Globally, ransomware demands continued to be a pain point for organizations this past year, with payments as high as US$7 million (PHP 383M) in cases that Unit 42 observed

● The global median demand was US$650,000 (PHP 35.5M), while the median payment was US$350,000 (PHP 18.9M), indicating that effective negotiation can drive down actual payments

Key trends from the report include:

Attackers Add Pressure with Multi Extortion

Ransomware groups have been observed layering extortion techniques for greater impact, with the goal of applying more pressure on organizations to pay the ransom. Some of these tactics include encryption, data theft, distributed denial of service (DDoS), and harassment. Data theft, which is often associated with dark web leak sites, was the most common of the extortion tactics, with 70% of groups using it by late 2022 — a 30 percentage point increase from the year prior.

Leak Sites Drip with Data

Every day, Unit 42 researchers see an average of seven new ransomware victims posted on leak sites — equating to one new victim every four hours. In fact, in 53% of Unit 42’s ransomware incidents involving negotiation, ransomware groups have threatened to leak data stolen from organizations on their leak site websites. This activity has been seen from a mix of new and legacy groups, indicating that new actors are entering the landscape to cash in as legacy groups have done. Established groups like BlackCat, LockBit, and others contributed to 57% of the leaks, with new groups trailing close behind with 43%.

Ransomware Groups Attack Society’s Most Vulnerable

There have been many notable attacks in the past year from ransomware groups, with a particular spike in attacks on schools and hospitals, demonstrating how low these actors are willing to stoop in their attacks. This includes the attacks from Vice Society, which was responsible for the data leaks from several major school systems in 2022. The group continues to be active in 2023, with nearly half of the incidents posted to their leak site impacting educational institutions.

In 2022, 30 organizations on the Forbes Global 2000 list were publicly impacted by extortion attempts. Since 2019, at least 96 of these organizations have had confidential files publicly exposed to some degree as part of attempted extortion. At least 75% of ransomware attacks fielded by Unit 42’s Incident Response team resulted from attack surface exposures.

---------------------------------------

About Palo Alto Networks