Connect with us

Uncategorized

WatchGuard Says Endpoint Malware and Ransomware in First Three Quarters of 2021 Topped All of 2020 — THE Journal

Published

on

Internet Security Report

WatchGuard Says Endpoint Malware and Ransomware in First Three Quarters of 2021 Topped All of 2020

WatchGuard Technologies, a global network security and intelligence provider, said in a new Internet Security Report released today that endpoint malware and ransomware attacks during the first three quarters of 2021 totaled more than in all of 2020.

The report, highlighting malware trends and network security threats for Q3 2021, is based on analyses by WatchGuard Threat Lab researchers. “While total perimeter malware detection volume decreased from the highs reached in the previous quarter, endpoint malware detections have already surpassed the total volume seen in 2020 (with Q4 2021 data yet to be reported),” WatchGuard said in a news release, also noting that “a significant percentage” of malware continues to arrive over encrypted connections, a trend noted in previous quarters.

“While the total volume of network attacks shrank slightly in Q3, malware per device was up for the first time since the pandemic began,” said Corey Nachreiner, chief security officer at WatchGuard. “Looking at the year so far as a whole, the security environment continues to be challenging. It’s important that organizations go beyond the short-term ups and downs and seasonality of specific metrics, and focus on persistent and concerning trends factoring into their security posture.”

Notable findings from the report include:

Nearly Half of Zero-Day Malware Delivered Via Encrypted Connections: The percentage of malware that arrived via Transport Layer Security jumped from 31.6% to 47%. “A lower percentage of encrypted zero-days are considered advanced, but it is still concerning given that WatchGuard’s data shows that many organizations are not decrypting these connections and therefore have poor visibility into the amount of malware hitting their networks,” the report states.

As Users Update Microsoft Windows and Office, Attackers Are Focusing on Newer Vulnerabilities: “In Q3, CVE-2018-0802 – which exploits a vulnerability in the Equation Editor in Microsoft Office – cracked WatchGuard’s Top 10 gateway antivirus malware by volume list, hitting number 6, after showing up in the most-widespread malware list in the previous quarter,” the report states. “In addition, two Windows code injectors (Win32/Heim.D and Win32/Heri) came in at Numbers 1 and 6 on the most-detected list, respectively.”

Attackers Disproportionately Targeted the Americas: Network attacks targeting the Americas accounted for 64.5% of Q3 threats; Europe came in at 15.5% and APAC, 20%.

The Top 10 Network Attack Signatures Are Behind a Majority of Threats Detected: Of the 4,095,320 hits detected in Q3, 81% were attributed to the top 10 signatures. “In fact, there was just one new signature in the top 10 in Q3, ‘WEB Remote File Inclusion /etc/passwd’ (1054837), which targets older, but still widely used Microsoft Internet Information Services (IIS) web servers,” the report states. “One signature (1059160), a SQL injection, has continued to maintain the position it has held atop the list since early 2019.”

Scripting Attacks On Endpoints Continue At Record Pace: By the end of Q3, WatchGuard’s AD360 threat intelligence and Endpoint Detection and Response had recorded 10% more attack scripts than in all of the previous year. As hybrid workforces start to look like the rule rather than the exception, a strong perimeter is no longer enough to stop threats.

Even Trusted Domains Can Be Compromised: A protocol flaw in Microsoft’s Exchange Server Autodiscover system allowed attackers to collect domain credentials and compromise several normally trustworthy domains. “Overall, in Q3, WatchGuard Fireboxes blocked 5.6 million malicious domains, including several new malware domains that attempt to install software for cryptomining, key loggers and remote access trojans, as well as phishing domains masquerading as SharePoint sites to harvest Office365 login credentials,” the report states. “This highlights the critical need for organizations to focus on keeping servers, databases, websites, and systems updated with the latest patches to limit vulnerabilities for attackers to exploit.”

Ransomware Continuing To Increase: After a decline in 2020, ransomware attacks reached 105% of 2020 totals by the end of September 2021 and were on pace to reach 150% once all of the 2021 data is analyzed. “Ransomware-as-a-service operations continue to lower the bar for criminals with little or no coding skills, providing the infrastructure and the malware payloads to carry out attacks globally in return for a percentage of the ransom,” the report says.

WatchGuard’s quarterly research reports are based on anonymized data from active WatchGuard Fireboxes whose owners have opted to share data in direct support of the Threat Lab’s research efforts. In Q3, WatchGuard blocked a total of more than 16.6 million malware variants (454 per device) and more than 4 million network threats. Visit WatchGuard’s website to view the full report, which includes details on malware and network trends, a deep-dive into threats detected at the endpoint, security recommendations and critical defense tips for businesses of all sizes and in any sector, and more.

Source link

Uncategorized

Navigate360 Adds PBIS Rewards to Its Student Wellness, Safety Solutions Portfolio — THE Journal

Published

on

Mergers & Acquisitions

Navigate360 Adds PBIS Rewards to Its Student Wellness, Safety Solutions Portfolio

Student wellness and physical safety company Navigate360 has announced its acquisition of SaaS platform PBIS Rewards to round out its K–12 programs focusing on safer school environments and strengthening academic performance through positive behavior reinforcement, interventions, and other measures.

Navigate360’s Mental Health and Awareness, Threat Detection and Prevention, and Safety and Management and Preparedness suites are now paired with the Positive Behavior Interventions and Supports (PBIS) Rewards program to foster a “whole child” safety framework, the company said in a news release. The combined program addresses school climate and culture, full-cycle emergency management, early detection, and assessment and violence prevention.

PBIS Rewards is a digital management system that replaces paper tickets and tokens. Available on smartphones and laptops, it simplifies the administration of “rewards points” for positive behaviors as identified by the school district. Students can use them to “purchase” tangible and privilege rewards such as homework passes, jeans day coupons, iPad time, admissions to events, and more.

The system also allows for workplace rewards for teachers that result in recognition and perks. Learn more about how PBIS Rewards works on its website.

Source link

Continue Reading

Uncategorized

Centegix Partners with Ident-A-Kid to Extend Security Capabilities with iVisitor Management Software — THE Journal

Published

on

Campus Safety

Centegix Partners with Ident-A-Kid to Extend Security Capabilities with iVisitor Management Software

Centegix has announced a partnership with Ident-A-Kid to extend the abilities of K–12 schools’ safety and security systems, using Ident-A-Kid’s iVisitor Management (IVM) software.

Centegix’s CrisisAlert system does not rely on WiFi or cell phones but is activated by a wearable panic-alert badge that every administrator, teacher and staff member wears. In an emergency, pushing the badge button gives precise alert location, immediate audio, and visual incident notifications (including lighted strobes, screen messages, and intercom integration) to put the campus in lockdown and instantly notify administrators and responders.

Ident-A-Kid’s IVM software can manage and track all school traffic, including staff, student tardiness, and visitors, who scan their driver’s licenses or other acceptable ID. The software reads the barcode information on the license and conducts and returns data searches on custody issues, sex offenders, and other banned persons across 42 states. Information can also be entered manually.

With these two systems paired, K–12 schools will be able to “provide instantaneous alerts to on-site resources including SROs (School Resource Officers) and campus administrators that alleviate the burdens on educators and staff when faced with critical safety issues,” said Brent Cobb, CEO of Centegix.

Rick Hagan, CEO of Ident-A-Kid, added, “Together we can add control measures on school campuses and reduce the risks that have become increasingly prevalent in the past several years.”

Learn more at the Centegix home page and the Ident-A-Kid home page.

Source link

Continue Reading

Uncategorized

STEM Fuse Releases Advanced Game-Design Coding Curriculum for Construct 3 Platform — THE Journal

Published

on

CTE

STEM Fuse Releases Advanced Game-Design Coding Curriculum for Construct 3 Platform

Newest in GAME:IT Series to be Shown at CareerTech Vision Conference Nov. 30–Dec. 3

Digital K–12 curriculum provider STEM Fuse and game and animation developer Construct have released the latest in a series of career and technical education curricula: GAME:IT Advanced, which is recommended for grades 10–12 and uses the Construct 3 platform to teach coding through game design.

The GAME:IT series teaches computer, programming, and game development skills from elementary through high school. The ready-made, intuitive curricula are designed for those with no coding experience, so teachers without prior experience can assist their students. GAME:IT Advanced also offers students the opportunity to take an industry certification course upon completion, with the GAME:IT Intermediate course recommended prior.

GAME:IT Advanced modules include mobile game development, JavaScript programming, advanced game physics, UX and UI design, marketing and monetization, and in-app advertisements. The Construct 3 platform runs in a browser and can also be run offline.

GAME:IT Advanced will be demonstrated at the upcoming Association for Career and Technical Education (ACTE) CareerTech Vision 2022 conference to be held in person and online Nov. 30 through Dec. 3, 2022 in Las Vegas.

Learn more about GAME:IT Advanced on STEM Fuse’s website.

Source link

Continue Reading

Trending

URGENT: CYBER SECURITY UPDATE