Barracuda's Vigilance: Tackling Cyberattack Sophistication Head-On

 


Securing web applications has historically been difficult and complex because they are among the primary vectors criminals use to penetrate your network. In addition to offering comprehensive protection against all kinds of application-based threats, the Barracuda Web Application Firewall comes with highly flexible deployment options and exceptional ease of use.

Barracuda Managed XDR, a leading provider of cloud-first security solutions, has revealed the results of its analysis of the first half of 2023, carried out using artificial intelligence-based pattern analysis. Out of more than one trillion IT events collected, Barracuda Managed XDR detected and neutralized thousands of high-risk incidents.

New research has found that scammers are keeping cyber-extortion attacks hidden from tech-savvy consumers. In a research project carried out by Columbia University, researchers examined 300,000 emails that artificial intelligence (AI) detectors designed by Barracuda Networks had identified as blackmail scams over one year.

The team also set out to study the tactics cybercriminals use to extort money from people without being detected by security teams or payment systems. Several studies have revealed that fraudsters protect themselves from detection by targeting no more than 10 work email accounts at a time and by making moderate payment demands of US$1000 in Bitcoin.

Artificial intelligence (AI) is a powerful security tool because it can build patterns of normal activity and identify anomalies against them. This is a significant advantage when an attacker tries to use legitimate credentials from compromised accounts to commit fraud.

In the first half of 2023, the three most common high-risk detections were "impossible travel" login detection, the detection of communication with known artefacts, and the detection of "unauthorized use" of computer accounts. These threats were defined as those requiring immediate defensive action by security professionals. 

The cloud cybersecurity firm Barracuda Networks Inc. has released a new report on how artificial intelligence is being used to cause damage to systems and to prevent potential attacks and breaches. The report details how AI is being used by attackers and provides information on how to mitigate risk.

From January through July 2023, ninety-five billion events were analysed from customers' integrated network, cloud, email, endpoint, and server security tools. The analysis covered all types of events, including logins, application and device processes, configuration and registry changes, and much more.

A total of 0.1% of all customer events, or 985,000 of the events analyzed, were labelled as "alarms," which indicates activity that may be malicious and may require further investigation. Only 9.7% of these were flagged for customer review, while another 2.7% were identified as high-risk and sent to the Security Operations Center to be further investigated. Six thousand individuals had to take immediate defensive action to contain and neutralise the threat. 

Notably, according to the Barracuda report, AI-based detection was the key factor in both detecting and analyzing the data during the first six months of 2023.

As Barracuda noted, "impossible travel" login events in the cloud were the most common. An "impossible travel" login occurs when a user attempts to log into a cloud account from two geographically different locations simultaneously.

It is possible that the user is on a virtual private network for one of these sessions, but it is almost always a sign that an attacker has gained access to the account and taken control of it. Next in the list are detections of "anomalies" in users' accounts, meaning unusual or unexpected activity. Detecting such anomalies requires taking several factors into account.

Examples include one-time or unusual login times, unusual file access patterns, or excessive account creations for an individual user or an organization. Such anomalies can be a sign of malware infection, phishing attacks, or insider threats.
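The "impossible travel" detection described above, sketched as an added example (not code from Barracuda or its report). It generalizes "simultaneously" to any pair of consecutive logins whose implied speed exceeds an assumed threshold and skips logins from a hypothetical VPN egress list; the log records, IP addresses and thresholds are constructed.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0            # assumed ceiling: roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0          # assumed floor: ignore GeoIP jitter within one metro area
VPN_EGRESS = {"198.51.100.7"}    # hypothetical corporate VPN exit (documentation range)

@dataclass(frozen=True)
class Login:
    user: str
    when: datetime
    ip: str
    lat: float
    lon: float

def haversine_km(a: Login, b: Login) -> float:
    """Great-circle distance between two login locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events):
    """Return (previous, current, km, km/h) for consecutive logins too fast to travel."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        if ev.ip in VPN_EGRESS:   # known VPN exit: the location says nothing about the user
            continue
        prev, last[ev.user] = last.get(ev.user), ev
        if prev is None:
            continue
        km = haversine_km(prev, ev)
        hours = (ev.when - prev.when).total_seconds() / 3600
        speed = float("inf") if hours == 0 else km / hours  # zero gap = "simultaneous"
        if km >= MIN_DISTANCE_KM and speed > MAX_SPEED_KMH:
            alerts.append((prev, ev, round(km), speed))
    return alerts

# Constructed sample log: alice appears in London, then New York 30 minutes later.
T = datetime.fromisoformat
SAMPLE = [
    Login("alice", T("2023-05-02T09:00:00"), "203.0.113.10", 51.5074, -0.1278),
    Login("alice", T("2023-05-02T09:30:00"), "192.0.2.44", 40.7128, -74.0060),
    Login("bob", T("2023-05-02T09:00:00"), "203.0.113.11", 48.8566, 2.3522),
    Login("bob", T("2023-05-02T09:05:00"), "198.51.100.7", 37.7749, -122.4194),
    Login("bob", T("2023-05-02T18:00:00"), "203.0.113.12", 51.5074, -0.1278),
]
for prev, cur, km, speed in impossible_travel(SAMPLE):
    print(f"{cur.user}: {prev.ip} -> {cur.ip}, {km} km at {speed:.0f} km/h")
```

Only alice is flagged: bob's San Francisco login comes from the listed VPN exit and is skipped, and his Paris to London move nine hours apart is ordinary travel.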

Detection of communication with known malicious artefacts ranked third, and can be a sign of a malware infection or a phishing attempt. These detections identify contact with IP addresses, domains, and files that have been red-flagged or are known to be malicious.

Although the results of the data analysis demonstrate how AI can be used to detect and prevent attacks, the report also warns that AI can be misused by attackers in malicious ways.

According to the report, generative AI language tools are capable of creating highly convincing emails that resemble an actual company's style, making it even more difficult for individuals to tell whether an email is legitimate or a phishing, account takeover, or business email compromise attempt.

AI tools can also be used by attackers to automate and dynamically replicate adversarial behaviour, making their attacks more efficient and more difficult to detect in the future. In 2023, there will inevitably be an increase in the number of online phishing attacks as well as other forms of email cyber attacks, with Acronis confirming, for instance, that the number of email-based phishing attacks increased 464% in the first half of the year compared with 2022.

As part of its report, Barracuda offered some steps businesses can take to avoid being extorted. The best way to prevent hackers from gaining control of critical systems is to invest in artificial intelligence-powered email security that detects and blocks malicious emails before they reach their recipients.

The report also emphasizes the importance of employee training and of security policies that prohibit staff from accessing third-party websites with their work email address or storing sensitive information in a work email account.