Attackers Are Already In Your Network

Are You Prepared To Stop Them Before They Succeed?


Do you know?

What you don't know?

Probably not...

40% of gateways fail

We can show you.

in 2 minutes or less



Seculert Key Benefits & Features


Real World Threats, Exposed in 2 Minutes... Fixed in 5.

Seculert Javelin is the first inside-out attack simulation and remediation service that allows you to determine how well your secure web gateway (SWG), next-generation firewall (NGFW), or proxy would do at preventing the latest real-world malware attacks from communicating with their perpetrators’ command and control servers.

Javelin replicates the destination-based communication used by the latest real-world [active-trending] attacks to exfiltrate data. The test takes less than 2 minutes to complete and uses no actual malware.

Javelin also provides a Daily Fix to fill the gaps in gateway performance identified by the attack simulation. 

To learn how to use the Javelin’s Daily Fix to update your gateway and avoid falling victim to current real world attacks, click here.


Is Your Gateway Really Protecting You?

Your web gateway, NGFW, or proxy is designed to protect you from the effects of malware attacks that penetrate your network. But is it? Seculert Labs research consistently reveals that, as a category, gateway solutions miss 40% of malicious outbound communications and allow active attacks to communicate with their perpetrators.

Seculert Labs also found that when a gateway fails to block attack communication it permits a lot of data to escape the network. The average number of successful outbound communications per incident (or infected device) is more than 100.

Measured over time, nearly all of the gateways observed exhibited uneven performance. While most performed well for weeks or months, eventually all showed evidence of being “defeated” by the adversary.


Empower Your Gateway to Contain Evasive Techniques

In a perfect world it would be possible to identify new attacks in real time before they infect any devices on a large network. In the REAL world, attacks are stealthy and designed to defeat even the most modern prevention solutions. The attackers have also adopted “low and slow” propagation strategies to make their attacks even harder to detect. The challenge this creates for security teams is how to best complement their prevention strategies with effective containment.

Designers of evasive techniques are intimately familiar with the capabilities (and weaknesses) of current prevention and containment solutions and are using this knowledge to develop a whole new generation of evasive techniques. 

These types of attacks can only be identified with sophisticated behavioral detection technologies based on superior anti-malware science and machine learning. Seculert Shield is designed to perform exactly this job and provide SOC teams with unique visibility into these techniques and provide the containment tools to stop them.

Contact a Seculert specialist today for more information or to schedule a demonstration of our Shield capabilities: 408-560-3403.


Latest From The Blog

Nov 1, 2016 3:55:28 PM

Let’s Hack an Election, Shall We?


With the election only a week away, the discussion about how the upcoming U.S. presidential election may or may not be “rigged” is being closely watched. ‘Election hacking’ reports from CNN, the Washington Post, and even the candidates themselves provide yet another debate platform regarding the possibility of corrupted election results. For the purpose of this blog, let’s set aside the fact that our national election system is far too distributed for any widespread national vote theft to occur and explore the more likely technological aspects of “hacking an election” through swing states...and what we know through Seculert Labs analysis.

To tamper with the outcome of a presidential election today you have to ignore 80% of the states because our national elections are actually determined by the results of a small number of “swing states”. According to Politico, the swing states this year are Colorado, Iowa, Michigan, Nevada, New Hampshire, North Carolina, Ohio, Pennsylvania, Virginia, Wisconsin, and as always, Florida.

Homer Simpson's view of the importance of "swing states".

Based on current polling figures, you might have to hack into nearly all of this year’s swing states to truly impact the outcome of the 2016 election. But consider a closer election such as Bush v. Gore in 2000 and Florida’s “hanging chad” debacle. In this scenario hacking a single state’s election system could materially affect the outcome.  Let’s examine a couple different ways a motivated miscreant could do that.

From a purely technological standpoint, an election is a rather simple data collection, tabulation, and reporting system. As such it contains the same vulnerabilities as any other commercial IT operation: ‘data at rest’, ‘data in motion’, and the other risks inherent in these statuses. So without knowing which ‘swing state’ holds the most value in an upcoming election, how might a nefarious actor hack election IT system data stores ‘at rest’ in a county or state election data repository?

The best way to determine this is to look at how commercial IT systems are breached every day and attempt to manage their defenses. We at Seculert have many tools, including an “attack simulator” (ref., Seculert Javelin Gateway Attack Simulator), to observe and identify the most common and dangerous attackers now circulating on the internet. Fully three quarters of these attacks are classified as “information stealers”. The current Top 10 list also includes one of the most malicious and threatening ransomware attacks, Torrent Locker, which is capable of encrypting the data found on file share servers.

Understanding this, we see basically two ways these bad actors might attack the election process: 1) altering the vote counts in the election system between the time the actual ballots are cast and the time the numbers are reported, and 2) stealing and/or corrupting the data, with or without actually altering it. Altering election results would be pretty hard in most counties and states because you’d need to obtain authentication credentials, get access to the systems, and determine exactly how and when to alter the data for maximum effect. Achieving all of this without being detected would be hard, but not impossible, particularly if one started work months in advance to penetrate the election system networks, having chosen the right swing states in which to do so.

For example, if Russian hackers, or even a local criminal gang, wanted to change the results or prevent precincts from reporting vote counts on time, they could likely start with one of the information stealers like Ursnif or Nymaim that are capable of identifying and stealing authentication credentials. Assuming they could succeed in getting access to the databases and files in which votes are tabulated, there is almost no end to the mischief they might perpetrate.

You may ask, “how would they know whose credentials to steal?” This is where hacking an election becomes much easier than hacking a corporation. Election official identities are almost always in the public record, so by spearphishing the official’s login credentials you can pretty much steal whatever you want, barring some sort of really adept DLP system performing as it should. A sophisticated election hacker targeting Florida, for example, would target a list of election officials in Miami-Dade, Broward, Orange and the other counties that comprise the state’s major electoral districts - back in April - to impact the November election. This 6 to 9 month timeframe is based on research from Seculert Labs, and our awareness of how long an attacker usually lies in wait to perform their hack.

Even if a hacker weren’t able to directly alter election results, they could toss the election reporting of a swing state into chaos by using one of the information stealers like Vawtrak or Matsnu, capable of accessing and collecting data on file shares, regardless of the file or database structure. When combined with known ransomware attacks, hackers could completely disrupt election reporting by encrypting the files containing the vote counts and demanding payment or some other remuneration to release them. And sure, a state or county could pay the ransom, but it might never be able to validate whether the subsequently released data was unaltered from the original votes.

Can you imagine Presidential candidates Donald Trump, Hillary Clinton, or anyone frankly, accepting a swing state’s election results if a hack were discovered?


news alert

What's New at Seculert


latest press

Apr 27, 2016 5:00:00 AM

Seculert’s Javelin Attack Simulator Reveals Serious Gaps in Organizations’ Perimeter Defenses

Santa Clara, Calif. – April 27, 2016 Seculert, the leader in attack detection and analytics, today announced new findings that 80 percent of secure web gateways installed by Fortune 1000 companies miss 80 percent of malicious outbound..


in the news, July 15, 2016

Why Web Gateways Are Not Enough

Why can't web gateways fully protect you from attack and how can you maximize their performance? Learn more from Seculert CEO Richard Greene in this eSecurityPlanet article...


“Deploying Seculert was like hiring three extra security analysts for a fraction of the cost, and these three never sleep!”

Richard Rushing, CISO, Motorola Mobility
