WithSecure’s generative AI focus could be the key to cracking its mid-market push
Since spinning out from its consumer-focused parent company F-Secure in 2022, WithSecure has struggled to carve out a distinct lane in the enterprise security space. Facing an uphill battle against well-established competition, WithSecure has repeatedly fallen short of profitability, missing that goal again at the end of its FY 23. Despite this, the firm has a potential path to profitability by expanding its cloud security platform as organizations look to consolidate security portfolios that have grown increasingly complex through cloud transformation. WithSecure's Elements cloud security products, launched in 2021, have given the firm a foundation on which to build, but its beleaguered on-premises segment and consultancy services have continued to decline. With the advent of generative AI in late 2022, WithSecure could finally be on the road to finding its niche. Demand for AI-powered security tools has accelerated rapidly over the last year, and with early use cases for AI tools in security showing promise, this is an opportune moment for the firm to capitalize.
The firm predicts that the majority of cyber risks associated with the adoption of generative AI tools will come from how these models are integrated into systems and workflows, rather than from the models themselves. Accordingly, WithSecure could find a happy hunting ground in helping organizations integrate LLMs into their IT systems securely, providing services around AI governance, AI risk modeling, and penetration testing of LLM applications and of the infrastructure underpinning the models. Read the full article here: https://www.itpro.com/cloud/cloud-security/withsecures-generative-ai-focus-could-be-the-key-to-cracking-its-mid-market-push
WithSecure Intelligence research sets mass exploitation of edge services as the prevailing trend for attackers
The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation. A previous WithSecure report on the professionalization of cybercrime noted the growing importance of mass exploitation as an infection vector; since then, both the volume and the severity of incidents using this vector have exploded.
The number of edge service and infrastructure CVEs added to CISA's Known Exploited Vulnerabilities (KEV) catalog per month in 2024 is 22% higher than in 2023, while the number of other CVEs added to the KEV per month has dropped 56% compared to 2023. Furthermore, edge service and infrastructure CVEs added to the KEV in the last two years are, on average, 11% higher in severity than other CVEs.
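A practitioner who wants to check a figure like the 22% / 56% comparison above against the live KEV feed needs three things: a parser for the feed, a rule for deciding which entries count as "edge service and infrastructure", and a per-month normalisation that handles a partial year. The script below is an added example, not WithSecure's methodology or code. It reads entries in the shape of CISA's KEV JSON feed (top-level `vulnerabilities` list with `cveID`, `vendorProject`, `product` and `dateAdded` fields), classifies them with a keyword heuristic that is an assumption of this example rather than WithSecure's taxonomy, and compares the monthly addition rate between two years. The embedded catalog is constructed: its `cveID` values are placeholders, not real CVE identifiers, and its dates are illustrative. The severity comparison cannot be reproduced from KEV alone because the feed carries no CVSS score; that would need a join against NVD.

```python
"""Reproduce the 'edge service CVEs added to KEV per month' metric.

Added example: loads catalog entries in the shape of CISA's KEV JSON feed,
classifies each as an edge service/infrastructure product or not using a
keyword heuristic (an assumption for this example, not WithSecure's taxonomy),
and compares per-month addition rates between two years.
"""
import json
from datetime import date

# Assumed keyword heuristic for "edge service and infrastructure" products.
EDGE_KEYWORDS = (
    "fortios", "pan-os", "ios xe", "connect secure", "netscaler", "screenconnect",
    "junos", "moveit", "vpn", "firewall", "gateway",
)

# Constructed sample in the shape of CISA's KEV feed. cveID values are
# placeholders, not real CVE identifiers; vendors, products and dates are illustrative.
SAMPLE_KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-PLACEHOLDER-01", "vendorProject": "Fortinet", "product": "FortiOS", "dateAdded": "2023-01-10"},
    {"cveID": "CVE-PLACEHOLDER-02", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2023-02-14"},
    {"cveID": "CVE-PLACEHOLDER-03", "vendorProject": "Google", "product": "Chromium", "dateAdded": "2023-03-07"},
    {"cveID": "CVE-PLACEHOLDER-04", "vendorProject": "Apple", "product": "iOS", "dateAdded": "2023-04-10"},
    {"cveID": "CVE-PLACEHOLDER-05", "vendorProject": "Adobe", "product": "Acrobat and Reader", "dateAdded": "2023-05-16"},
    {"cveID": "CVE-PLACEHOLDER-06", "vendorProject": "Progress", "product": "MOVEit Transfer", "dateAdded": "2023-06-02"},
    {"cveID": "CVE-PLACEHOLDER-07", "vendorProject": "Microsoft", "product": "Office", "dateAdded": "2023-07-11"},
    {"cveID": "CVE-PLACEHOLDER-08", "vendorProject": "Linux", "product": "Kernel", "dateAdded": "2023-08-22"},
    {"cveID": "CVE-PLACEHOLDER-09", "vendorProject": "Oracle", "product": "WebLogic Server", "dateAdded": "2023-09-05"},
    {"cveID": "CVE-PLACEHOLDER-10", "vendorProject": "Cisco", "product": "IOS XE", "dateAdded": "2023-10-16"},
    {"cveID": "CVE-PLACEHOLDER-11", "vendorProject": "Citrix", "product": "NetScaler ADC and Gateway", "dateAdded": "2023-10-18"},
    {"cveID": "CVE-PLACEHOLDER-12", "vendorProject": "Samsung", "product": "Mobile Devices", "dateAdded": "2023-11-14"},
    {"cveID": "CVE-PLACEHOLDER-13", "vendorProject": "Ivanti", "product": "Connect Secure", "dateAdded": "2024-01-10"},
    {"cveID": "CVE-PLACEHOLDER-14", "vendorProject": "ConnectWise", "product": "ScreenConnect", "dateAdded": "2024-02-22"},
    {"cveID": "CVE-PLACEHOLDER-15", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2024-03-12"},
    {"cveID": "CVE-PLACEHOLDER-16", "vendorProject": "Palo Alto Networks", "product": "PAN-OS", "dateAdded": "2024-04-12"},
    {"cveID": "CVE-PLACEHOLDER-17", "vendorProject": "Google", "product": "Chromium", "dateAdded": "2024-05-13"},
]})


def load_kev(raw_json: str) -> list[dict]:
    """Parse the feed; the real CISA feed has the same top-level 'vulnerabilities' list."""
    return json.loads(raw_json)["vulnerabilities"]


def is_edge_service(entry: dict) -> bool:
    """Classify an entry by matching its vendor and product text against EDGE_KEYWORDS."""
    text = f"{entry.get('vendorProject', '')} {entry.get('product', '')}".lower()
    return any(keyword in text for keyword in EDGE_KEYWORDS)


def monthly_rates(entries: list[dict], year: int, months: int) -> tuple[float, float]:
    """Return (edge_per_month, other_per_month) for one year.

    `months` is how many months of that year the data covers (12 for a full
    year, 6 for a half-year snapshot), so partial years are normalised correctly.
    """
    edge = other = 0
    for entry in entries:
        if date.fromisoformat(entry["dateAdded"]).year != year:
            continue
        if is_edge_service(entry):
            edge += 1
        else:
            other += 1
    return edge / months, other / months


def percent_change(old: float, new: float) -> float:
    """Percentage change from old to new; positive means the monthly rate rose."""
    return (new - old) / old * 100.0


def compare_years(raw_json: str, base: tuple[int, int], current: tuple[int, int]) -> dict:
    """Compare edge and non-edge KEV addition rates; each year is (year, months_covered)."""
    entries = load_kev(raw_json)
    base_edge, base_other = monthly_rates(entries, *base)
    cur_edge, cur_other = monthly_rates(entries, *current)
    return {
        "edge_change_pct": percent_change(base_edge, cur_edge),
        "other_change_pct": percent_change(base_other, cur_other),
    }


if __name__ == "__main__":
    # On the constructed sample: edge rate +50%, other rate -50% (2023 full year vs 2024 H1).
    print(compare_years(SAMPLE_KEV_JSON, base=(2023, 12), current=(2024, 6)))
```

To run this against the real catalog, replace `SAMPLE_KEV_JSON` with the body of the CISA feed and set the `months` value for the current year to the number of months actually covered; the classification list is the part that most affects the result, so any published figure should state which products it counted as edge services.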
Several recent reports indicate that mass exploitation may have overtaken botnets as the primary vector for ransomware incidents. There has been a rapid tempo of security incidents caused by the mass exploitation of vulnerable software such as Progress MOVEit Transfer, Citrix NetScaler (CitrixBleed), Cisco IOS XE, Fortinet's FortiOS, Ivanti Connect Secure, Palo Alto Networks' PAN-OS, Juniper's Junos, and ConnectWise ScreenConnect.
Edge services are extremely attractive targets. They are exposed to the Internet by design, because they exist to provide critical services to remote users, which means they are equally reachable by remote attackers.
“There is just one thing that is required for a mass exploitation incident to occur, and that is a vulnerable edge service, a piece of software that is accessible from the Internet,” says Stephen Robinson, Senior Threat Analyst at WithSecure Intelligence.
“What many exploited edge services have in common is that they are infrastructure devices, such as firewalls, VPN gateways, or email gateways, which are commonly locked-down, black-box-like devices. Devices such as these are often intended to make a network more secure, yet time and again vulnerabilities have been discovered in such devices and exploited by attackers, providing a perfect foothold in a target network.”
The research finds that mass exploitation is now the primary observed attack vector for both ransomware and nation-state espionage actors. It also finds that the capability and expertise needed to exploit zero-day and one-day vulnerabilities are more attainable for financially motivated cybercriminals than ever before.
“It is likely that mass exploitation is becoming the primary attack vector either because there are so many vulnerable edge services, or attackers and defenders are now more aware of vulnerable edge services due to the prevalence of mass exploitation,” Robinson concludes.
Read the full report here: https://labs.withsecure.com/publications/mass-exploitation-the-vulnerable-edge-of-enterprise-security
Latest WithSecure report
As ransomware actors continue to adapt, the new report underscores the importance of vigilance, collaboration, and innovative strategies in combating this evolving threat.
A comprehensive new WithSecure report provides crucial insights into the evolving world of ransomware. The report, which examines data and trends from the first half of 2024, reveals that the ransomware industry, after peaking in late 2023, is beginning to see a stabilization in productivity, with notable developments in ransomware targets and industry dynamics.
While ransomware productivity has shown signs of leveling off in 2024, the frequency of attacks and ransom payments collected remained higher in the first half of 2024 compared to the same periods in 2022 and 2023.
“There has been a marked shift towards targeting small and medium-sized businesses, which now represent a larger proportion of ransomware victims,” says Tim West, Director of Threat Intelligence and Outreach at WithSecure.
Law enforcement actions, notably the takedown of the LockBit ransomware group in February 2024, have played a critical role in disrupting major ransomware operations. These efforts have led to the seizure of significant assets and the dismantling of critical infrastructure used by ransomware groups. Despite these disruptions, the long-term impact of law enforcement on the ransomware ecosystem remains uncertain, with ransomware groups adapting and evolving in response.
The report examines the architecture of Ransomware-as-a-Service (RaaS) collectives, emphasizing the growing competition among ransomware franchises to attract affiliates. Notably, following the decline of prominent groups like LockBit and ALPHV, many newly “nomadic” ransomware affiliates have aligned themselves with more established RaaS brands.
“Trust within the cybercriminal community has probably been significantly eroded due to incidents such as ALPHV’s alleged exit scam, where affiliates were defrauded of their earnings, further complicating the dynamics within the ransomware ecosystem,” West says.
A notable trend identified in the report is the increased adoption of initial access through edge service exploitation as described in previous WithSecure research this year, along with the frequent use of legitimate remote management tools by ransomware actors.
The report also touches on the persistent issue of reinfection, with data showing that a significant percentage of organizations that paid ransoms were later targeted again by the same or different ransomware groups.
Read the full report here: https://labs.withsecure.com/publications/ransomware-landscape-h1-2024