The threat intel team at Recorded Future, a US-based cyber-security firm, claims to have identified the hacker who assembled and then sold a massive collection of email addresses and passwords known as Collection #1.
The company’s experts believe a hacker going online by the pseudonym of “C0rpz” is the person who rigorously and meticulously collected billions of user records over the past three years. This includes records from companies that were hacked in the past and whose data was posted or sold online.
Recorded Future says that C0rpz isn’t only responsible for assembling and selling Collection #1, a data trove of 773 million unique email addresses and just under 22 million unique passwords that grabbed headlines at the start of the year, but for many other data collections as well.
Researchers say Collection #1 was part of a larger package containing seven “collections” in total.
- “ANTIPUBLIC #1” (102.04 GB)
- “AP MYR & ZABUGOR #2” (19.49 GB)
- “Collection #1” (87.18 GB)
- “Collection #2” (528.50 GB)
- “Collection #3” (37.18 GB)
- “Collection #4” (178.58 GB)
- “Collection #5” (40.56 GB)
Of the seven, the AntiPublic collection had already leaked online and had been shared among other hackers since April 2017. The rest appear to be new items that hadn’t been seen online until this month.
In total, these databases appear to contain more than 3.5 billion user records, in combinations such as email addresses and passwords, usernames and passwords, and cell phone numbers and passwords.
Recorded Future says C0rpz sold this data to other hackers, who are now disseminating it for free via online sharing portal MEGA and via torrent magnet links.
Some of the hackers who bought this data from C0rpz are Sanix, another hacker who infosec journalist Brian Krebs first identified as the source of Collection #1, and Clorox, the person who initially shared Collection #1 for free on Raid Forums at the start of the month, inadvertently exposing this huge data trove to security researchers and journalists.
“None of the three actors has ever been on our radar,” Andrei Barysevich, Director of Advanced Collection at Recorded Future, told ZDNet in an email today. “However, we did find a previous online footprint on all actors, which does not suggest that these actors are sophisticated.”
Barysevich also told ZDNet that his team didn’t find “any proof” that the three named individuals, including C0rpz, are hackers responsible for actual breaches at any company.
“We believe they have merely aggregated the data over the time,” Barysevich told us.
But Recorded Future experts aren’t 100 percent sure of their attribution of these data collections to C0rpz, as no attribution involving self-aggrandizing, braggadocious hackers can truly ever be 100 percent certain. Experts are also looking into another possible source of the leak, which they have not yet named.
“On January 10, 2019, an actor on a well-known Russian-speaking hacker forum posted both a magnet link and a direct download link to a database containing 100 billion user accounts hosted on a personal website,” Recorded Future said in a report published earlier today. “The following week, the actor made clear that the data dump referenced in Troy Hunt’s [Collection #1] article was included in their dump as well.”
To be fair, it doesn’t really matter who assembled, sold, or shared this data in the end. All of this data was previously available for years. The difference is that in the past, this data was shared in individual packages, one per site of origin.
It has only recently become a trend for data hoarders (hackers who collect data from hacked sites) to assemble these smaller leaks and breaches into gigantic packages.
This became a trend because more and more companies are getting hacked, and the value of individual leaks became smaller. Data sellers adapted and started merging leaks together to continue to make a profit.
There are likely hundreds of similar mega-packages being shared on hacking forums out of the public eye as we speak, which have not yet seen the light of day.
Eventually, they will. When that happens, cyber-crime groups will collect these aggregated leaks, extract any new user records they don’t have, and use this information to spam our email inboxes, attempt brute-force attacks against our online accounts, or, even worse, use these details for extortion or financial fraud.
It is highly likely that most of our data has already leaked online by now. All we, the users, can do is protect our accounts with strong passwords that are unique per site, enable multi-factor authentication wherever possible, and avoid entrusting our data to any company that asks for our details for no good reason.
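The figures quoted above (unique email addresses versus unique passwords) come from deduplicating the identifier:password records these collections are made of, and a defender who obtains such a dump does the same thing to find which of their own accounts must be reset and pushed to multi-factor authentication. The following is an added example, not code from the article or from Recorded Future: it parses a handful of constructed sample records in the `email:password`, `username:password` and `phone:password` shapes the article describes, collapses duplicates (including the same mailbox written with different casing), and reports exposure for a watched domain. The sample lines, the `example.com` domain and the `;` delimiter variant are all assumptions made for the demonstration.

```python
import re
from collections import Counter

# Constructed sample records in the delimiter styles seen in such dumps.
# These are fabricated test lines, not data from any real collection.
SAMPLE_COMBO_LINES = """\
alice@example.com:Summer2016!
Alice@Example.com:Summer2016!
bob@example.org;hunter2
carol_99:letmein
+15550001234:letmein
dave@example.com:Summer2016!
malformed line without delimiter
erin@example.com:
"""

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
PHONE_RE = re.compile(r"^\+?\d{7,15}$")


def parse_combo_line(line):
    """Split one 'identifier<delim>password' record.

    Returns (kind, identifier, password) or None if the line is unusable.
    kind is 'email', 'phone' or 'username'. Emails are lower-cased so the
    same mailbox written with different casing is counted once.
    """
    line = line.strip()
    if not line:
        return None
    # Split on the first ':' or ';' only: passwords may contain delimiters.
    m = re.match(r"^([^:;]+)[:;](.*)$", line)
    if not m:
        return None
    ident, password = m.group(1).strip(), m.group(2)
    if not password:
        return None  # empty password field carries no usable credential
    if EMAIL_RE.match(ident):
        return ("email", ident.lower(), password)
    if PHONE_RE.match(ident):
        return ("phone", ident, password)
    return ("username", ident, password)


def summarize_combo_list(text, watched_domains):
    """Deduplicate records and report exposure for domains a defender owns.

    The returned 'exposed_accounts' maps each watched-domain mailbox to the
    number of distinct passwords seen for it; the passwords themselves are
    deliberately not echoed back.
    """
    watched = {d.lower() for d in watched_domains}
    seen_pairs = set()
    identifiers = {"email": set(), "phone": set(), "username": set()}
    passwords = set()
    exposed = {}
    kinds = Counter()
    for line in text.splitlines():
        rec = parse_combo_line(line)
        if rec is None:
            continue
        kind, ident, pw = rec
        if (ident, pw) in seen_pairs:
            continue  # exact duplicate pair, common when dumps are re-aggregated
        seen_pairs.add((ident, pw))
        kinds[kind] += 1
        identifiers[kind].add(ident)
        passwords.add(pw)
        if kind == "email" and ident.rsplit("@", 1)[1] in watched:
            exposed.setdefault(ident, set()).add(pw)
    return {
        "unique_pairs": len(seen_pairs),
        "unique_emails": len(identifiers["email"]),
        "unique_usernames": len(identifiers["username"]),
        "unique_phones": len(identifiers["phone"]),
        "unique_passwords": len(passwords),
        "pairs_by_kind": dict(kinds),
        "exposed_accounts": {k: len(v) for k, v in exposed.items()},
    }


if __name__ == "__main__":
    report = summarize_combo_list(SAMPLE_COMBO_LINES, ["example.com"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample above the script reports five unique pairs, three unique emails and three unique passwords, and flags two `example.com` mailboxes for a forced reset. On a real dump the same shape of output is what feeds a password-reset campaign and an MFA enrolment push; the passwords themselves never need to leave the parser.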
Now, if we could only get journalists to stop blowing these “collections” out of proportion every time one of them surfaces online.
Microsoft takes Entra to the edge
Identity security must be at the heart of any organization’s security strategy.
Our infrastructures have become more disparate, and our users are accessing more systems from more locations and devices. This has made identities more vulnerable and a much higher value target to cybercriminals than ever before. A criminal with a stolen identity or set of credentials can gain access, deploy malware, steal data, or carry out denial-of-service attacks upon a given target.
This has driven demand to find new ways to tackle the challenge, such as the emerging Identity Threat Detection & Response (ITDR) market. It also has changed how we trust identities once they have access to systems, with Zero-Trust dictating constant evaluation of identities once authorized.
It is with this in mind that, on July 11th, Microsoft made a number of announcements around its Entra platform. While a lot was announced, I wanted to share some thoughts on just two areas: its introduction of Secure Service Edge (SSE), and ID governance and lifecycle management.
What is Microsoft Entra?
Before we start, it is probably useful to introduce Entra. Entra is the brand name of the identity and access security elements available in Microsoft 365 and Azure. This includes Active Directory, conditional access policies, identity, and permissions management. It is more than just branding; Entra has also consolidated identity and access security management into one place, making it easier to gain visibility and management access.
Identity is a complex issue that requires a broad array of tools to address it. In this latest announcement, Microsoft shows they understand this and have added some key capabilities that will be valuable for customers as they tackle identity-centric security challenges.
It is Microsoft’s first move into the world of Secure Service Edge (SSE). SSE is an important part of modern enterprise access security, taking historically disparate systems, such as secure web gateway, cloud access security broker, and zero-trust network access, and bringing them together into a single, usually cloud-based, security service. This brings these tools more in line with the dynamic, cloud-like environments most organizations need to protect.
Microsoft’s solution consists of two services: Internet Access and Private Access.
Each service has a different focus. Internet Access acts as a modern Secure Web Gateway, securing access to SaaS apps (including M365). Private Access offers a replacement for traditional VPN, using a Zero-Trust approach to managing and securing access to private enterprise systems. In both cases, Microsoft uses its extensive knowledge of user identities and behavior to constantly evaluate threats and reduce the risk of identity-based attacks.
Why does it matter?
Microsoft is not unique in this space; there are many established vendors with mature SSE solutions. However, Microsoft’s brand and the solution’s seamless integration into M365 will help. They are making the SSE approach more visible to organizations and potentially easing its adoption.
Changing infrastructure and operational behavior means we must modernize enterprise edge security. We cannot rely on traditional architectures and must provide approaches as dynamic and broad as the systems they protect.
Entra ID Governance
While Entra Access takes an identity-centric view of access control, identity-centric security is only as good as the identities it is protecting. One of the biggest problems in the enterprise is poor identity lifecycle management. From the creation to the deletion of accounts, organizations often struggle to effectively manage the process. Accounts are provisioned into the wrong systems, given too few or too many permissions, and orphaned accounts are left in systems when users have moved to new roles or new companies.
Because of this, Microsoft’s announcement of Entra ID Governance is worth at least similar coverage to that afforded to SSE. Entra ID Governance is Microsoft’s identity management platform, helping its customers to better manage, secure, and orchestrate identities through their lifecycle.
It allows customers to easily build lifecycle automation for processes such as on- and off-boarding, simplifying the process and reducing the scope for mistakes. It also offers access reviews, which, while not new, use “AI” to help guide those making the reviews, with automated insights into user access and where there may be risks. And entitlement management simplifies the management of user assignment to resources.
As with SSE, this is not unique to Microsoft, but for those using M365, this is another powerful addition to the portfolio. Identities are at the forefront of the cybersecurity challenge, and protecting them has to start with managing them correctly.
Let’s not forget!
Just in case you missed it, one bit of “marketing” that was included in these announcements is the rebranding of Azure Active Directory to Microsoft Entra ID. No doubt this will cause confusion, but as Microsoft looks to consolidate its Identity and Access tools under the Entra umbrella, it makes sense that the most important part of it, Active Directory, should be firmly placed under it.
To sum up
I’ve been watching Microsoft’s development of its security capabilities over the last few years, and it continues to impress with its innovation and strategic direction. While many of these tools are only truly valuable to its M365 subscribers, there are enough of those for this to make a big difference in enterprise security. Identity and data are the targets of cybercriminals, and it’s important that organizations protect them both and take advantage of modern tools and techniques to do so, because you can certainly bet that the cyber attackers are doing just that.
These announcements show that Microsoft continues to invest in and develop its increasingly broad security portfolio.
The post Microsoft takes Entra to the edge appeared first on Gigaom.
Is there a case for Microsoft as your only enterprise security partner?
In recent GigaOm research, we evaluated whether there was a good argument to use a single security partner to protect an organization or if multiple “best of breed” solutions are still the way to go.
We looked at two use cases: Microsoft, using the broad capabilities of its M365 E3 platform with its E5 security add-on, compared to selecting individual solutions from several leading enterprise security vendors, including Crowdstrike, Okta and Proofpoint.
The research consisted of cost analysis, technical comparisons, and conversations with senior IT decision-makers to understand some of the criteria they used when evaluating technology.
Our analysis showed that, technically and commercially, Microsoft’s tools and services offer an attractive single-vendor proposition. However, it also uncovered a pervading attitude among a number of CxOs that not only was Microsoft not their primary choice, but for some, they would not even consider Microsoft as a security partner.
That raised the question as to whether Microsoft did, in fact, present a strong enough proposition to be a single security partner for an enterprise and whether it was possible to overcome the concerns of CxOs. To attempt to answer those questions, we wanted to review our research and bring a fresh CxO perspective to it. To do that, we enrolled our own CTO, Howard Holton, to provide additional CxO insight into the results of our work.
The research around Microsoft as a security partner
The aim of this post is not to share all the research. It is to provide a summary of our findings which can help answer some of the questions decision-makers would ask when evaluating a single-vendor versus multi-vendor approach for cybersecurity tools and services.
Before providing that summary, it is useful to outline the scope of our research. It is important to note that this was not a hands-on technical evaluation, detailed functionality testing, or TCO analysis. The scope of the research was to provide a C-level briefing that looked at the following:
- Solution capabilities
- High-level cost analysis
- Other operational overhead/business risks
We evaluated these areas to understand whether the single-vendor versus multi-vendor approach could:
- Reduce complexity
- Reduce cost
- Maintain/enhance security
We applied these questions across several business security challenges. The Microsoft E5 Security Add-on covers each of these areas, and we compared that to the vendor listed in each category:
- Endpoint including mobile – Crowdstrike
- Identity Management – Okta
- Email Security including BEC, phishing protection, virus, and malware defense – Proofpoint
- MFA and adaptive access controls – Okta/Proofpoint
- Tools to monitor threat and failure – Crowdstrike
- Data Loss Prevention and Associated Data Security Technologies – Proofpoint
- Cloud Application Security/Cloud Access Service Broker – Proofpoint
These areas accurately reflect the key security focus we find in all types of organizations. Therefore, evaluating the capability of any tool against them was a useful way to compare features and capability, their cost, and whether they would meet the needs of an organization’s modern security demands.
The pros and cons of Microsoft as a security partner
Microsoft’s E3 + E5 Security add-on offers a comprehensive range of security tools for users of its Microsoft 365 and Azure services. Its breadth of capability would provide an organization with wide-reaching security and comprehensive protection through a single vendor.
The Microsoft Security Toolset
Microsoft’s security coverage is broad and split across a number of core service suites. This includes:
- Microsoft Defender for EDR, anti-virus, Cloud App protection, anti-phishing, and data loss prevention across desktop, server, Mac, mobile, and of course, Cloud
- Microsoft Entra provides identity protection
- Exchange Online Protection defends against phishing and BEC and offers malware protection
This range of security tools is tightly integrated into Microsoft Azure and M365 to provide customers with a comprehensive, seamless security experience. For those customers, the research highlighted that the single vendor, single platform approach reduces both technical and commercial complexity, making a compelling security offering.
Why were CxOs not embracing Microsoft’s compelling offering?
While Microsoft did make a strong single-vendor case, why did potential customers and their security decision-makers meet this with the view that “Microsoft is not even a consideration” when evaluating security solutions and partners?
Reasons for not choosing Microsoft
What were some of the key reasons we discovered?
- I do not want to spend even more with Microsoft.
- While the solutions are broad, I don’t believe their capabilities are as good as specialist vendors.
- I do not want all my security eggs in one basket.
- The pricing of migration from my current providers is significant.
- Can they provide me with hands-on threat response support?
- Is their threat response tool something I could reclaim via my cyber insurance?
Are these valid concerns?
While all of these concerns are valid, during our research we found evidence that could be used to help answer some of them. This does not mean the concerns are wrong, but the evidence provides additional context that may alter a potential customer’s perception.
I do not want to spend more with Microsoft
There are good commercial reasons why this may be the case. We also found that there was a very strong financial case to be made for the single-vendor approach.
Based on published pricing, our research saw potential savings close to 80% when using the Microsoft E5 security add-on compared to using three individual vendors*. While there may be commercial reasons not to spend more with Microsoft, this is a significant figure, and one that should make for closer examination, especially where budgets are under ever-increasing pressure.
Microsoft’s capabilities are not as good as specialist vendors
This is a complex question, and as the research was not based on functionality testing, it was not definitively answered here. However, we have found in other GigaOm research that Microsoft’s capabilities score highly in our security-based reports.
It should also be considered that the single-vendor approach will reduce the complexity that multiple vendors can create. We also discovered that Microsoft’s E5 approach is extremely comprehensive and filled gaps that were left by the multiple leading vendors we also evaluated.
I do not want a single vendor
The value of using multiple best-of-breed vendors has advantages. To understand if that is a valid concern in any given instance, it is important to understand why the multi-vendor approach is preferred and what it offers that a single vendor cannot. We found Microsoft’s approach technically and commercially attractive. Our findings certainly made a case for the re-appraisal of the single vendor approach in these instances.
Cost of migration
This is a strong and valid concern. As IT budgets remain strained, migration costs may bring unwelcome additional pressure. This should not mean it should not be considered, as there are potentially long-term savings to be had. However, organizations should study the length of this return to ascertain its viability.
Threat response and cyber insurance
One of the major questions raised when comparing Microsoft with other leading vendors was its capability to provide threat response if a cyber incident should occur. While Microsoft can indeed cover threat response, we found service definitions and costs less clear during our research than those of competitors such as Crowdstrike.
An additional concern was whether they would be covered under cyber insurance when engaging such services. Both concerns are significant and would require full clarity when evaluating adopting, or changing to, a single security vendor approach.
What were the three key advantages we discovered?
In exploring this with GigaOm’s CTO Howard Holton, we discovered several key advantages of the single vendor approach that the diligent tech evaluator should consider. None of these things is to say Microsoft or any single vendor is the right answer, but there is a case to explore, and as Howard mentioned at the end of our research, “at least we’d have Microsoft in the conversation”.
- Cost reduction: the potential here is significant. While it should never be the main criterion, it is a consideration in a world of under-pressure budgets. Our comparison of Microsoft’s E3/E5 Add-on versus an amalgamated leading vendor approach showed potential savings in the region of 80%*. Of course, in the real world, customers are unlikely to pay full published prices, but the saving potential does exist and must be considered.
- Complexity reduction: Complexity is the enemy of security. The more products an organization tries to bring together, the more complex it becomes to secure, the higher the operational overhead, and the more likely there will be security gaps. Microsoft is extremely strong here, if not perfect. Its solutions are managed from its single M365 platform, though not necessarily in a single console. It provides consistency of security policy and procedure across the platform. And, of course, the breadth of the platform ensures detailed insights and analytics from across an organization are made available to help with threat investigation and hunting. This is also augmented by both automated incident response and, more recently, the addition of managed response via Microsoft Security Experts. This is not impossible to achieve with third-party vendors, especially the ones we looked at here, who share a range of tight product integrations that exchange intelligence to provide broad security insights, but it does take additional work.
- Improved Security: This one is less clear. There is no doubt that the breadth of coverage and capabilities Microsoft provides can certainly help improve security posture, especially for those using E5 to fill existing gaps. The E5 license offers a strong solution, especially for those deeply invested in Microsoft’s cloud platforms. However, it is less clear whether those already invested in other tools would see the same improvements. While in some cases, Microsoft will deliver parity or even feature improvement, there will be many cases where best-of-breed competitors do things Microsoft doesn’t. Security must be the main criterion in those cases, regardless of potential cost savings.
In answer to the question we posed in this post, the answer is yes, Microsoft could be a single security provider for an organization. However, not for all. While it provides solid security capabilities at a very attractive price, there are gaps. In reality, Microsoft’s approach is only going to be effective for those with a strong investment and strategic commitment to Microsoft Azure and M365 already.
There will, of course, be the comparison of capabilities. Specialist vendors are, at the very least, perceived to provide “better” security capabilities than Microsoft’s native tools and, in many cases, provide things Microsoft doesn’t. The idea that Microsoft provides “good enough” security is true, but it should not have negative connotations. Good enough security is exactly that: good enough to meet needs. However, organizations must thoroughly evaluate whether any potential solution meets their needs.
Increasingly organizations also need services to augment their internal resources. Vendors like Crowdstrike offer comprehensive professional services with threat and incident response teams. Microsoft does offer this, but the full direction of its Security Experts service and how that will compare is unclear. This will be a crucial consideration.
This research showed us that a single vendor, specifically Microsoft, can make a strong case in terms of capability, efficacy and cost. They could either become a single vendor filling security portfolio gaps, or even replace other vendors in some instances.
However, we also noted that best-of-breed market-leading solutions are perceived as that for a reason, and that cost alone must not be the only criterion for replacing them.
What is certainly true, as our CTO Howard Holton pointed out, is that those who take the time to thoroughly evaluate Microsoft’s capabilities should at least make Microsoft part of the discussion.
*Our price comparisons were based on a 5,000-user enterprise with 10,000 devices, comparing M365 E3 plus E5 security versus Crowdstrike, Okta and Proofpoint, as part of Crowdstrike’s Spectra Alliance, providing the same security coverage. Based on published list price comparisons, the research showed a 77% saving using Microsoft’s tools compared to an integrated approach using the three leading vendors.
This did not include any reduction in operational cost, as this was outside of the scope of this research. However, it should be noted that in previous research, looking at the impact of security tool consolidation, we have seen reductions in operational costs of 3-7 times.
The post Is there a case for Microsoft as your only enterprise security partner? appeared first on Gigaom.
GigaOm Research Bulletin #004
Welcome to GigaOm’s research bulletin for August 2023
Hi, and welcome back!
Our CEO Ben Book has taken GigaOm from a boutique analyst company to what is now recognized as a leading analyst firm, redefining the nature of analysis in the process. Here he looks at how the market for research has evolved and how GigaOm has shifted to align with the needs of end-user organizations as they prepare for a data-driven, digital future.
Our latest podcast discusses how organizations could implement technical strategies instead of spending most of their time putting out fires. Give it a listen!
See below for our most recent reports, blogs and articles, and where to meet our analysts in the next few months. Any questions, reply directly to this email and we will respond.
Trending: Cloud Observability, released in March, is one of our top Radar reads right now. “Monitoring and observability are crucial IT functions that help organizations keep systems up and running and performance levels high”, say authors Ron Williams and Sue Clarke.
We are currently taking briefings on: Cloud File Storage, eDiscovery, Ransomware Protection, PTaaS, RSLM, DAM, DPUs, and Cloud-based Data Protection.
Warming up are: Autonomous SOCs, Container Security, Data Warehouse, Scale Out File Storage, DPUs, Cloud Network Security, Incident Response Platforms.
We’ve released 18 reports in the period since the last bulletin.
In Analytics and AI, we have released a report on AIOps.
For Cloud Infrastructure and Operations, we have SaaS Management Platforms (SMPS), Value Stream Management (VSM), and Cloud FinOps, and we have covered Hybrid Cloud Data Protection for both Large Enterprise and Small & Medium Sized Businesses (SMBs), and in Storage, we have covered Kubernetes Data Storage for both Cloud-Native and Enterprise.
In the Security domain, we have released reports on Secure Service Access, Security Policy & Code, Password Management, Security Information and Event Management (SIEM), Anti-Phishing, and Distributed Denial of Service (DDoS) Protection. And in Networking, we have covered Edge & Core Routing and Edge Platforms.
And in Software and Applications, we have a report on Agile Planning & Portfolio Management (PPM), and Unified Communications as a Service.
Blogs and Articles
We’ve published several additional blogs over the past couple of months, including:
- Andrew Green asks, How Would a Distributed SIEM Look? and discusses The True Value-Add of Container Networking Solutions.
- Jamal Bihya explains how we need to strengthen the human firewall using Security Awareness Training.
- Howard Holton gives his take on the Themes & Trends at RSA 2023
- Kerstin Mende-Stief says that, For Sustainability, Buildings & Energy are Strategic Resources.
- Paul Stringfellow explains how the MOVEit Transfer hack is right on trend, provides the Top Trends from InfoSec Europe, and why Microsoft takes Entra to the edge.
… and finally, our VP of Finance & HR, Elizabeth Kittner, asks the question, How Can CPAs Ethically Interact with ChatGPT?, and was also internationally named as one of the Top 50 Women in Accounting in 2023!
Where To Meet GigaOm Analysts
You can expect to see our analysts at Black Hat USA this week, and Open Source Summit Europe in September. Do let us know if you want to fix a meet.
For news and updates, add email@example.com to your lists, and get in touch with any questions.
Thanks and speak soon!
Jon Collins, VP of Research
Claire Hale, Engagement Manager
P.S. Here is the last bulletin if you missed it!
The post GigaOm Research Bulletin #004 appeared first on Gigaom.