Chad Skipper

Author Archives: Chad Skipper

Threat Landscape Report – Malware in Linux-Based Multi-Cloud Environments 

Ransomware-as-a-service has become an increasingly visible threat to organizations, and we continue to see sophisticated ransomware attacks across multi-cloud environments. A new VMware Threat Analysis Unit report exposes just how agile attackers have become by weaponizing ransomware, cryptojacking, and Remote Access Tools (RATs) in Linux-based environments. The report clearly outlines the steps attackers take once they've obtained a foothold in their target cloud environment, either executing ransomware or deploying cryptojacking components. In addition to these two types of attacks, our threat researchers also present how threat actors implant themselves using RATs.

In the report, a team of highly skilled and dedicated threat researchers and security professionals provides an in-depth analysis of these key findings:

  • Malware targeting Linux-based systems is fast becoming an attacker's way into high-value, multi-cloud environments. The report uncovers that Linux is the most used operating system across multi-cloud environments, as 78% of the most popular websites are powered by Linux.
  • Ransomware targeting Linux-based systems is becoming highly sophisticated. The main threats in most multi-cloud environments are ransomware, cryptojacking, and RATs. However, ransomware targeting these systems has evolved to target host images and requires high-level host monitoring and analysis.
  • Monero Continue reading

VMware Wins Best Network Detection and Response Award From SE Labs 

After months of in-depth testing by SE Labs across a vast spectrum of security products, VMware is honored to receive the 2021 Best Network Detection and Response award. This award comes on the heels of the announcement earlier this year that SE Labs awarded the industry's first NDR AAA rating to VMware NSX Network Detection and Response (NDR).

According to the U.K.-based independent testing lab, each of the award winners has demonstrated its excellence in its category. SE Labs bases its conclusions on a combination of continual public testing, private assessments and feedback from corporate clients who use SE Labs to help choose security products and services.

The efficacy of VMware NSX NDR is clear, proving 100 percent protection across multi-cloud environments from four major advanced persistent threat (APT) groups, including FIN7 & Carbanak, OilRig, APT3 and APT29, while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network.

A Sea Change in Independent Security Testing 

This award and AAA rating from SE Labs is the first in the industry. It is well known that today's attackers continually evolve and chain together an increasingly complex chain of events. These techniques, tactics and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attackers' behaviors evolves, so must our engineering and Continue reading

Peek Under the Hood: SE Labs NDR Test 

Earlier this month, SE Labs awarded VMware the first ever AAA rating for Network Detection and Response (NDR), highlighted by our ability to provide 100 percent protection from four major advanced persistent threat (APT) groups across multi-cloud environments. The NDR test, the first of its kind, signified the changing threat landscape where enterprises need to identify and stop attackers inside the network, where they are able to move freely to discover valuable information they can exfiltrate. Given expanding threat surfaces due to modern applications, work from anywhere and cloud transformation, the assumption is that attackers are likely already inside your network, making legacy cybersecurity tests focused solely on the perimeter increasingly unsuitable assessments for protecting today's modern enterprise.

According to the results from SE Labs, VMware NSX NDR provides 100 percent protection across multi-cloud environments from four major advanced persistent threat (APT) groups, including FIN7 & Carbanak, OilRig, APT3 and APT29, while returning zero false positives. This ability allows security operations teams to rapidly detect malicious activity and stop the lateral movement of threats inside the network.

Given that this is the first test of its kind, we wanted to give you a look under the hood to see how SE Labs used VMware NDR to detect all malicious network traffic and payloads from a specific threat group—OilRig – APT 34. Check out the Continue reading

VMware Achieves Industry-First AAA Rating for Network Detection & Response from SE Labs

In the first public test of its kind for Network Detection and Response, SE Labs awards the industry's first NDR AAA rating to VMware NSX Network Detection and Response (NDR). The modern cyber battlefield is everywhere, and every attacker has to traverse multiple networks and in most cases many firewalls to achieve their goals. Inside networks, they look to move freely within the environment, discovering valuable information they wish to exfiltrate. As attackers have continually innovated, so must the industry and our testing. As a leader in the security industry, VMware has gone through the industry's first Network Detection and Response (NDR) test and received a AAA rating. It is well known that attackers continually evolve and chain together an increasingly complex chain of events. These techniques, tactics and procedures occur across networks and often traverse and bypass traditional security tools like firewalls and antivirus. As our understanding of attackers' behaviors evolves, so must our engineering and testing.

VMware customers can be assured that their data is better protected in this new arena as they continue to modernize their application and network infrastructure as part of their digital transformation initiatives.

According to the results from SE Labs, VMware NSX Continue reading

Threat Landscape Report – Threats Evading Perimeter Defenses

Today’s reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses. A new VMware Threat Analysis Unit report bears this out. In North-by-South-West: See What Evaded Perimeter Defenses, the findings are clear: despite a cadre of perimeter defenses being deployed, malicious actors are actively operating in the network. The research presents a clear picture of how attackers evade perimeter detection, infect systems, and then attempt to spread laterally across the network to execute their objective.

Watch Chad Skipper, Global Security Technologist, provide an overview of the findings.

Key insights include:

  • The best offense is to evade defense: Threat actors' first order of business is to evade detection. Evasion of defense systems is the most encountered MITRE ATT&CK® tactic used by malware, followed by execution and discovery.
  • Email attacks lead the pack: Email continues to be used as the most common attack vector to gain initial access, with more than four percent of all business emails analyzed containing a malicious component.
  • ZIP-ing through defenses: More than half of all malicious artifacts analyzed were delivered by a Zip archive. Attackers have massively scaled up operations Continue reading