How to Implement the Principle of Least Privilege in your Corporation

According to a report recently published by Kaspersky, the number of users who have experienced some type of cyberattack in the first half of 2020 increased by 20,000%.

Also, the company BBOViz points out that Brazil is the second country that suffers the most threats from ransomware in the world, just behind India.

Alarming statistics show that protecting a corporation’s confidential data goes beyond mandatory legislation, as data leaks can generate financial and reputational losses as great as penalties for breaching data protection laws.

There are several reports from large companies that have been affected by some type of malware, significantly impacting their business goals. Braskem, for example, was affected by ransomware that had a major impact on its financial health, reducing its revenue by about 45%.

Another recent case occurred in a Chilean public bank, which suffered a ransomware attack that forced them to keep all their branches closed for a day and part of the branches for two days, strongly impacting their reputation – both in terms of image and finances.

Even though there are many reports of cyberattacks around the world, there have never been so many solutions to protect a corporation from them, such as the implementation of the principle of least privilege.

What is the principle of least privilege?

The principle of least privilege is one of the foundations of information security. Its main goal is to grant users access only to the environments they require to perform their tasks. In other words, with the principle of least privilege, users do not access environments they do not require, which helps avoid internal threats, data leaks, and hacker infiltration in a company's critical environments.

Risks of not using the principle of least privilege

Allowing users privileged access to environments they do not require opens several security holes in a company. One example is granting Windows administrator privileges to employees: it allows them to install any malicious software, with or without malicious intent, and it allows a hacker who breaks into a machine to install this malicious software, increasing business risks and the attack surface.

In addition, allowing users to have excessive privilege in cloud environments also leaves the company’s data vulnerable to attacks and internal threats.

How to implement the principle of least privilege 

Through the senhasegura solution, you have several security locks that ensure users access only the environments required by them. Besides monitoring the way the user is performing privileged access, the senhasegura solution registers, records, and notifies those responsible for information security about any malicious activity within the privileged session.

Through this simple practice, companies significantly reduce the chances of a cybercriminal accessing sensitive company data and extracting information.

Request a free demo of the senhasegura solution and learn how the principle of least privilege will change your company’s cybersecurity situation.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

ESET named a Top Player in Radicati’s ‘Endpoint Security’ Market Quadrant for third year running as Endpoint Security Market continues to boom

BRATISLAVA – ESET, a global cyber security leader, has been recognized as a ‘Top Player’ for the third year in a row in Radicati’s 2020 Endpoint Security Market Quadrant. The report examines 17 leading endpoint security vendors in the market, assessing their functionality and strategic vision, within which ESET was placed in the top quadrant for the third year in a row.

The Radicati Market Quadrant is a metric used to paint a picture of a specific technology market, with this edition covering Endpoint Security – comprising appliances, software, cloud services, and hybrid solutions that help to secure and manage endpoints for business organizations of all sizes. As pointed out in the report, organizations no longer view endpoint security as an isolated discipline affecting only the endpoint, but as an integral part of organization-wide defense. Endpoint security shares threat intelligence feeds and policy controls with all other major security components, including firewalls, secure web gateways, secure email gateways, data loss prevention (DLP), and more.

This Quadrant continues to grow in importance with the endpoint security market experiencing growth at an exponential rate, as organizations of all sizes deploy increasingly sophisticated and feature-rich solutions to help protect against threats and malicious attacks. In fact, the Endpoint Security market is expected to surpass $8.2 billion in 2020 and grow to over $15.6 billion by 2024.

Radicati positions vendors in a quadrant according to two criteria: functionality and strategic vision. Radicati also evaluates according to key capabilities including malware detection, web and email security, encryption, mobile device protection, data loss prevention and Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR).

In Radicati’s 2020 Endpoint Security Market Quadrant, ‘Top Players’ are described as the current market leaders with products that offer both breadth and depth of functionality, as well as possessing a solid vision for the future. ‘Top Players’ shape the market with their technology and strategic vision. ESET’s positioning as a ‘Top Player’ for the third year in a row demonstrates the company’s pioneering and innovative nature as the Radicati report states that once a company reaches this stage, they must fight complacency and continue to innovate.

ESET’s Endpoint Security solutions were highlighted as offering high performance and high detection rates, low footprint with low system resource usage and for their ease of deployment and use. They were also commended for their suitability to offer protection for companies with heterogeneous environments.

Juraj Malcho, ESET’s Chief Technology Officer, said “We are incredibly proud to be ranked as a Top Player in Radicati’s 2020 Endpoint Security Market Quadrant. Being acknowledged as a Top Player for the third year in a row is demonstrative of ESET’s ability to stay innovative and provide the best possible technology solutions for our customers. As the endpoint security market continues to grow, we are committed to developing reliable and easily deployable security for organizations of all shapes and sizes.”

To read more about the 2020 Radicati Market Quadrant: Endpoint Security, please click here, and to read more about ESET’s Endpoint Security solutions, please click here.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

The 5 Key Values of Portnox CLEAR

The problem with most traditional on-premise network access control solutions is their complexity across many fronts, including initial setup, configuration, scalability, and on-going maintenance and upgrades. As a truly cloud-delivered NAC service, Portnox CLEAR delivers SIMPLICITY across all of these critical areas.

VALUE 1: Setup Simplicity

Unlike traditional on-premise solutions that require hardware appliances, software, and other on-premise elements, with Portnox CLEAR, you simply create your dedicated instance in Microsoft Azure using your company email or via SSO (such as Azure AD or GSuite) in a matter of just minutes!

With your dedicated instance of CLEAR created, you simply check the appropriate box(es) to create your RADIUS instance. Dedicated F5 load balancers are spun up and auto-scale as well, so you never have to be concerned with service performance or scalability – it will automatically expand as needed to meet demand.

Portnox CLEAR’s simplicity extends with out-of-box integration and one-click set-up for several common directory services, including:

  • On-premise AD
  • Azure AD
  • G-Suite
  • Okta Universal Directory

SIEM integration is as simple as providing the IP/port, protocol type (TCP, UDP, HTTPS), and data format (JSON/CEF).

VALUE 2: Configuration Simplicity

The complexity of traditional on-premise NAC does not stop at the initial set-up of the local appliance(s), load balancing, RADIUS, and other on-premise components. As shown in the sample policy screenshots below, the complexity of traditional NAC extends to policy configuration that is often layered with multiple and nested interdependencies.

From inception, the focus with CLEAR has been to simplify policy configuration, allowing CLEAR to be fully deployed and operational in a measure of hours/days vs. traditional NAC, which typically can take weeks, or in many cases, months to roll out. Intuitive, easy-to-configure access control, risk, and remediation policies are at the foundation of Portnox CLEAR as reflected in the sample screenshots below.

Risk Policies

Easily configure risk-based access controls for all devices or different groups of devices (i.e. accounting, engineering, etc.), by simply assigning a risk value to each group’s relevant compliance checks.

A simple slide bar easily turns risk values into action (allow, alert, block). It’s that SIMPLE! Unlike traditional NAC that monitors a device risk ONLY when it is on or connected to the network, Portnox CLEAR will monitor risk all the time regardless of if the device is on or off-network.

Remediation Policies

While it is important to continuously be aware of the current risk posture of a device and to be able to use that awareness as part of access control, the ability to proactively take action on the endpoint to help assure a minimum level of compliance is always maintained can be equally important. As with all other policy configurations, setting group-specific remediation policies in CLEAR is as simple as a few clicks.

Unlike traditional NAC that will take remediation actions ONLY if the device is on the network, Portnox CLEAR proactively enforces remediation actions all the time regardless if the device is on or off-network.

VALUE 3: On-Demand Auto-Scale

Delivered as a cloud service, Portnox CLEAR eliminates the need for the capacity planning of on-premise software or appliances. It also eliminates the need to expand capacity or upgrade appliances to meet future growth needs. Portnox CLEAR services will automatically expand on-demand to meet any demand spikes and future growth.

Our Azure services are scaling up (and down) automatically based on usage and load. We can automatically control the VM size and the scale-up / down rules.

For the RADIUS component, we use Azure Kubernetes to manage the instances and allow scaling based on demand. We use F5 load balancer to channel the traffic to the right instances and make sure the scaling is transparent to the end-user.

VALUE 4: Ease of Integration

Portnox CLEAR continues to expand native integrations and simplified out-of-band integration through an included REST API.

Current integrations include:
  • Active Directory
  • Azure AD
  • GSuite
  • MS Intune
  • OKTA
  • Palo Alto
  • SIEM (any/all leading vendors)
Portnox CLEAR also integrates with all leading anti-virus providers to validate and remediate (update) as part of CLEAR compliance and remediation capabilities. Portnox CLEAR also includes a RESTful API over HTTPS that can be used in any programming language that supports REST calls or invoked directly through any HTTPS client such as cURL.

VALUE 5: Zero-Touch Maintenance

As a true SaaS solution, Portnox CLEAR is truly zero-touch!

  • No on-going software updates/patching
  • No management of scheduled downtime
  • No hardware or software end-of-life issues

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

ESET Mobile Security recognized with top score in AV-TEST ‘best antivirus for Android’

BRATISLAVA – ESET, a global leader in cybersecurity, has again been commended with the highest score in the latest AV-TEST for best antivirus software for Android. After launching version 6.0 of ESET Mobile Security (EMS) in September with the new Payment Protection feature, ESET earned top scores for the second time in a row with a total of 18 points.

AV-TEST, a leading independent testing organization, uses one of the largest collections of digital malware samples in the world to create a real-world environment for highly accurate in-house testing.

After achieving the top score in the July 2020 AV-TEST, ESET was evaluated alongside 14 other mobile security products, using their default settings and the most current version of all products. The testing focused on malware detection and usability, including performance and false positives. ESET Mobile Security achieved the highest score of 99.8% in “Protection against the latest Android malware attacks in real time” and a perfect 100% in “Detection of widespread Android malware discovered in the last 4 weeks.” The ESET Mobile Security app for Android was also highlighted for not impacting battery life or slowing down the device.

Version 6.0 of the premium Mobile Security solution introduces a new layer of security for EMS users. The Payment Protection feature safeguards users while utilizing financially related applications, for example, for banking or trading. This feature automatically categorizes all installed applications from the Google Play store that fall into the Finance category and scans them for potential threats. The user is also able to add other installed apps to the list that may fall outside of the Finance category.

Commenting on the results, Branislav Orlík, product manager at ESET, said, “We are extremely proud of ESET’s consistent recognition from AV-TEST for our mobile security product offering. Our dedication to providing customers with the very best in IT security solutions is reflected in these scores, as it is vital that users’ personal and professional data is protected to the highest standard. We are thrilled to have achieved the highest score once again and are committed to always innovating and updating our product offerings.”

Click here to find out more information about ESET Mobile Security.

CyberLink Joins MediaTek’s AIoT Ecosystem

FaceMe® Enables Customers to Integrate Biometric Technology with MediaTek i350 AI Chipset Platform for AIoT devices

TAIPEI, TAIWAN – October 15, 2020 – CyberLink Corp. (5203.TW), a pioneer of AI and facial recognition technologies, announced a strategic technology partnership with MediaTek (2454.TW), a global fabless semiconductor company. CyberLink’s FaceMe® AI biometric authentication engine will now support MediaTek’s i350 Edge AI platform. The partnership enables biometric technologies installation on a wide range of smart appliances, smart homes, public interface kiosks and retail point-of-sale systems for advanced security and authentication features.

As a leading global brand with expertise in smart handheld devices, smart homes, wireless technologies and other connected solutions, MediaTek launched the i350 edge AI platform designed for mainstream AIoT applications that require vision and voice edge processing. The edge AI platform was built using an ultra-efficient 14nm process and incorporates a dedicated APU (AI processor) and DSP (digital signal processor) to enable computer vision and speech applications with greater performance and power efficiency across AIoT applications. For more information about MediaTek i350, please visit https://www.mediatek.com/products/AIoT/i350-mt8365.

To support the MediaTek i350 edge AI platform, CyberLink’s FaceMe® facial recognition engine provides functionality for facial detection, recognition and feature extraction, capable of conducting identity verification in merely 0.12 second. Due to MediaTek’s NeuroPilot platform, the computing speed of FaceMe®, powered by deep learning algorithms, can be considerably increased. By utilizing the processing power of NeuroPilot, i350 provides up to three times performance gain for facial recognition and face attribute extraction. Biometric identification can be used for deployments across a myriad of industries and use cases, including security, access control, public safety, smart retail, point-of-sale, ordering machines, digital signage and home protection.

“The addition of biometric identification to AIoT creates an incredible opportunity to improve security and access control with edge devices,” said Dr. Jau Huang, CEO of CyberLink. “It’s our honor to join MediaTek’s AIoT ecosystem. Through the integration of FaceMe® and i350, system integrators will now have access to the most efficient yet low-power consumption applications with identity verification, providing a new class of industry infrastructure to move the biometric technology forward.”

Based on machine learning and deep neural networks, CyberLink FaceMe® has an accuracy rate of 99.7%. It ranks amongst the most precise and fastest facial recognition engines in the United States’ National Institute of Standards and Technology Face Recognition Vendor Test (FRVT). Built for Windows, Linux, Android and iOS, FaceMe® is ideal for cross-platform solutions. It is optimized to run on high-end workstations with CPU or GPU to low-power chipsets typically used in IoT devices—capable of being deployed virtually anywhere.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

About Talma
With more than 29 years offering complete solutions, in Talma we provide safe, fast and efficient airport services. We operate in 19 airports in Colombia.

Lazarus misuses legitimate security software in a supply-chain attack in South Korea, ESET Research discovers

BRATISLAVA – ESET researchers recently discovered attempts to deploy Lazarus malware via a supply-chain attack (on less secure parts of the supply network) in South Korea. In order to deliver its malware, the attackers used an unusual supply-chain mechanism, abusing legitimate South Korean security software and digital certificates stolen from two different companies. The attack was made easier for Lazarus since South Korean internet users are often asked to install additional security software when visiting government or internet banking websites.

“To understand this novel supply-chain attack, you should be aware that WIZVERA VeraPort, referred to as an integration installation program, is a South Korean application that helps manage such additional security software. When WIZVERA VeraPort is installed, users receive and install all necessary software required by a specific website. Minimal user interaction is required to start such software installation,” explains Anton Cherepanov, ESET researcher who led the investigation into the attack. “Usually this software is used by government and banking websites in South Korea. For some of these websites it’s mandatory to have WIZVERA VeraPort installed,” adds Cherepanov.

Additionally, the attackers used illegally obtained code-signing certificates in order to sign the malware samples. Interestingly, one of these certificates was issued to the U.S. branch of a South Korean security company. “The attackers camouflaged the Lazarus malware samples as legitimate software. These samples have similar file names, icons and resources as legitimate South Korean software,” says Peter Kálnai, ESET researcher who analyzed the Lazarus attack with Cherepanov. “It’s the combination of compromised websites with WIZVERA VeraPort support and specific VeraPort configuration options that allows attackers to perform this attack,” adds Kálnai.

ESET Research has strong indications to attribute the attack to Lazarus, as it is a continuation of what KrCERT has called Operation BookCodes, attributed to Lazarus by some in the cybersecurity research community. The other reasons are typical toolset characteristics; detection (many tools are already flagged as NukeSped by ESET); the fact that the attack took place in South Korea, where Lazarus is known to operate; the unusual and custom nature of the intrusion and encryption methods used; and the setup of network infrastructure.

It must be noted that the Lazarus toolset is extremely broad, and ESET believes there are numerous subgroups. Unlike toolsets used by some other cybercriminal groups, none of the source code of any Lazarus tools has ever been disclosed in a public leak.

For more technical details about the latest Lazarus supply-chain attack, read the blogpost “Lazarus supply-chain attack in South Korea” on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

ESET receives the Via Bona Slovakia 2019 award in two categories

Bratislava – Every year, the Pontis Foundation awards the Via Bona award for exceptional projects and socially responsible companies that change Slovakia for the better. In the 20th anniversary of this award, ESET managed to win in two categories: Responsible Large Company and Good Partner of the Community.

The Via Bona Slovakia award has been given by the Pontis Foundation since 1998 to small and large companies that inspire other companies with their activities. The winners of this prestigious award are companies that change life in Slovakia for the better with their projects and responsible approaches to business. The award in the main category Responsible Large Company for 2019 was acquired by ESET mainly for demonstrating long-term ethical values in our business model and contributing to the popularization of science and research in Slovakia.

“ESET is often cited as an example of a success story of a Slovak company that established itself abroad. We are aware of the responsibility that comes with that, especially at home in Slovakia. We do not choose an easier path. We support areas that have been neglected or overlooked for a long time. At the same time, we strive to be a voice that can be heard when needed. When, as a country, we are going through difficult times, it is desirable that the representatives of companies express themselves and stand out as voices of reason. And I hope that we have people, companies and organizations in Slovakia who really care about the success and fate of Slovakia,” responded ESET CEO Richard Marko in his thank-you speech for the award.

ESET also became the winner of the Good Partner of the Community category for our investment in the popularization and development of Slovak science. Supporting education, science and research are areas that ESET has long been involved in. It is these areas that help Slovakia become a modern and successful country. Therefore, through the ESET Foundation, it created the ESET Science Award, which aims to increase the social status of science and scientists in Slovakia. In October 2020, the second year of the ESET Science Award took place with the participation of the world-famous physicist and Nobel Prize winner, Professor Kip Thorne, who was chairman of a prestigious international commission.

“I thank both the expert jury and the employees of ESET, who are the main reason for our success. It is especially thanks to them that we can celebrate this award. I would also like to wish Slovakia success, because I think it has a positive future ahead of it,” concluded Richard Marko.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET Research discovers ModPipe, backdoor targeting POS software used by thousands of restaurants, hotels

BRATISLAVA – ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS (point-of-sale) – a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide. The majority of the identified targets were from the United States.

What makes the backdoor distinctive are its downloadable modules and their capabilities, as it contains a custom algorithm designed to gather RES 3700 POS database passwords by decrypting them from Windows registry values. This shows that the backdoor’s authors have deep knowledge of the targeted software and opted for this sophisticated method instead of collecting the data via a simpler yet “louder” approach, such as keylogging. Exfiltrated credentials allow ModPipe’s operators access to database contents, including various definitions and configuration, status tables and information about POS transactions.

“However, based on the documentation of RES 3700 POS, the attackers should not be able to access some of the most sensitive information – such as credit card numbers and expiration dates – which is protected by encryption. The only customer data stored in the clear and thus available to the attackers should be cardholder names,” cautions ESET researcher Martin Smolár, who discovered ModPipe.

“Probably the most intriguing parts of ModPipe are its downloadable modules. We’ve been aware of their existence since the end of 2019, when we first found and analyzed its basic components,” explains Smolár.

Downloadable modules:

  • GetMicInfo targets data related to the MICROS POS, including passwords tied to two database usernames predefined by the manufacturer. This module can intercept and decrypt these database passwords, using a specifically designed algorithm.
  • ModScan 2.20 collects additional information about the installed MICROS POS environment on the machines by scanning selected IP addresses.
  • ProcList, whose main purpose is to collect information about currently running processes on the machine.

“ModPipe’s architecture, modules and their capabilities also indicate that its writers have extensive knowledge of the targeted RES 3700 POS software. The proficiency of the operators could stem from multiple scenarios, including stealing and reverse engineering the proprietary software product, misusing its leaked parts or buying code from an underground market,” adds Smolár.

To keep the operators behind ModPipe at bay, potential victims in the hospitality sector as well as any other businesses using the RES 3700 POS are advised to:

  • Use the latest version of the software.
  • Use it on devices that run an updated operating system and software.
  • Use reliable multilayered security software that can detect ModPipe and similar threats.

For more technical details about ModPipe, read “Hungry for data, ModPipe backdoor targets popular POS software used in hospitality sector,” a blogpost on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.


5 scary data breaches that shook the world

Just in time for Halloween, we look at the haunting reality of data breaches and highlight five tales that spooked not only the cyber-world

Halloween, the scariest day of the year, is upon us! However, traditional observations of the popular holiday may be hindered by the pandemic raging outside. Instead of children roaming the streets sporting scary costumes trick-or-treating or adults attending costume parties, All Hallows’ Eve will have to be celebrated in other ways. Most of us will probably be bundled up in blankets in the comfort of our homes with mugs of pumpkin-flavored hot drinks watching eerie and horrifying stories, or better yet, telling them.

The cyber-world has many a scary story of its own as well. Unfortunately, contrary to those told on Halloween, these stories are very real.

Equifax
In 2017, Equifax, one of the largest credit reporting agencies in the United States, was the victim of an astounding data breach. The breach that lasted for approximately 78 days was caused by a vulnerability in the Apache Struts web application framework, for which a patch had been issued but that Equifax had failed to apply in time. The threat actors behind the incident were able to siphon the personal data of nearly 148 million Americans, 15.2 million Brits, and almost 19,000 Canadians. The data trove included a wide range of Personally Identifiable Information (PII) including social security numbers, birth dates, and addresses … all of which could be used to conduct identity fraud. As for the monetary damage incurred by Equifax, the company estimates that the current tally is about US$1.7 billion in costs emanating from the cybersecurity incident.

Marriott
In 2018, Marriott International, one of the largest hotel chains in the world, suffered a major data breach involving its reservations database. Marriott initially estimated that as many as 500 million of its customers might have been affected by the cyber-incident, but then went on to amend its estimate to 383 million. The guest information compromised in the incident included some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (SPG) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. In some cases, the payment card numbers and their expiration dates were compromised as well. The data could be used in a wide range of attacks, including phishing, social engineering attacks, credit card fraud, and identity fraud. So far, the company has incurred costs of around US$72 million for the breach, but US$71 million has been reimbursed by insurance. However, Marriott might still be looking at a hefty sum in penalties, since the UK data protection authority is looking to serve the hotel chain with a £99 million (US$123 million) fine.

eBay
As one of the world’s largest online marketplaces, most famous for its auction-style sales, eBay probably needs little in the way of introduction. In 2014, the company disclosed that it had been the victim of an attack in which as many as 145 million of its active users were affected. According to the company, the origin of the attack was traced back to the compromise of a small number of employee login credentials. The data compromised in the breach included customers’ PII, such as names, email and physical addresses, phone numbers, and dates of birth, as well as encrypted passwords, all of which could be used in various forms of cyberattacks and attempts to defraud potential victims.

Target
In 2013, Target, one of the largest retailers in the United States, suffered a major data breach that affected more than 41 million customer payment card accounts as well as the contact information of over 60 million customers. The cybercriminals behind the attack were able to access customer names, phone numbers, email addresses, credit and debit card numbers and expiration dates, and encrypted PINs and credit card verification codes. According to Target, the PIN codes were encrypted with the Triple Data Encryption Standard, which would make them difficult to crack. However, using the information gathered from the breach, the cybercriminals could commit credit card fraud and identity fraud. In the aftermath of the incident, Target offered credit monitoring services and settled a US$10 million class-action lawsuit in which it promised to pay up to US$10,000 to any customers who could prove they suffered losses due to the data breach. It also had to pay a multistate settlement of US$18.5 million.

Adult Friend Finder
In 2016, the adult dating and entertainment company FriendFinder Network was breached, exposing over 412 million user accounts. The enormous data breach included 339 million accounts from the AdultFriendFinder.com website as well as 15 million deleted accounts that hadn’t been eliminated from its databases. The data trove consisted of 20 years’ worth of records from the company’s largest websites and included usernames, email addresses, passwords, site membership data, browser information, IP address last used to log in, and even whether the user had paid for any items. It’s worth noting that the passwords, which had apparently been converted to all lowercase, were stored either in the clear or scrambled as a SHA-1 hash, which isn’t a sufficient security measure, and most passwords were easily and quickly cracked. While people are more liberal in this day and age, most would probably not want to advertise their visits or activities on such websites and would prefer to keep them secret. Unfortunately, the leaked data would allow black hats to easily target these individuals and use the data to ruin their reputations, blackmail them under the threat of revealing sensitive information they would like to keep hidden, or use the cracked passwords in further credential-stuffing attacks.
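To make the storage weakness described above concrete, the following added example (not part of the original article or of any FriendFinder code) compares the lowercase-then-SHA-1 scheme with a salted, memory-hard scrypt record. The sample passwords are constructed and the scrypt cost parameters are assumptions to be tuned per deployment.

```python
import hashlib
import hmac
import os

# Constructed sample passwords for illustration only.
SAMPLE_PASSWORDS = ["Hunter2!", "hunter2!", "HUNTER2!"]

# Assumed scrypt cost parameters (not from the article); tune for your hardware.
SCRYPT_PARAMS = {"n": 2**14, "r": 8, "p": 1,
                 "maxmem": 64 * 1024 * 1024, "dklen": 32}


def weak_record(password: str) -> str:
    """Scheme the article describes: fold to lowercase, then unsalted SHA-1."""
    return hashlib.sha1(password.lower().encode("utf-8")).hexdigest()


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, memory-hard derivation; case is preserved."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT_PARAMS)


def strong_record(password: str) -> tuple:
    """Hardened scheme: fresh random salt per record plus scrypt."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


def verify_strong(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    return hmac.compare_digest(_derive(password, salt), expected)


def compare_schemes(passwords) -> dict:
    """Count distinct stored values each scheme yields for the same inputs."""
    weak = {weak_record(p) for p in passwords}
    strong = {digest for _, digest in (strong_record(p) for p in passwords)}
    return {"distinct_weak": len(weak), "distinct_strong": len(strong)}


if __name__ == "__main__":
    # Case folding plus no salt collapses all three passwords into one value,
    # so one precomputed guess matches every account that shares it.
    print(compare_schemes(SAMPLE_PASSWORDS))
    # The same password stored twice yields unrelated records under scrypt.
    a, b = strong_record("Hunter2!"), strong_record("Hunter2!")
    print("records differ:", a[1] != b[1], "| verifies:", verify_strong("Hunter2!", a))
```

With the weak scheme, identical or case-variant passwords are visible as identical hashes across the whole database; with per-record salts each guess has to be paid for separately at scrypt's cost.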

To be sure, these are just some of the scary stories the cyber-world has to offer. While they may be uncomfortable to read, these cyber-incidents should serve as cautionary tales for both consumers and companies – that cybersecurity should never be taken lightly.


Portnox Achieves a Microsoft Gold Cloud Platform Competency

Portnox demonstrates best-in-class capability and market leadership through demonstrated technology success and customer commitment.

NEW YORK, NY – November 4, 2020 – Portnox, a fully cloud-delivered network access control (NAC) provider, today announced it has attained a Gold Cloud Platform competency, demonstrating a “best-in-class” ability and commitment to meet Microsoft Corp. customers’ evolving needs in today’s mobile-first, cloud-first world and distinguishing itself within Microsoft’s partner ecosystem.

To earn a Microsoft Gold competency, partners must successfully complete exams (resulting in Microsoft Certified Professionals) to prove their level of technology expertise, and then designate these certified professionals uniquely to one Microsoft competency, ensuring a certain level of staffing capacity. They also must submit customer references that demonstrate successful projects, meet a performance (revenue and or consumption/usage) commitment (for most Gold competencies), and pass technology and/or sales assessments.

The cloud-delivered CLEAR NAC platform from Portnox is designed to help partners capitalize on the growing demand for infrastructure and software-as-a-service (SaaS) solutions built on Microsoft Azure. With built-in scalability, no on-site hardware, multitenancy and other benefits, the platform allows Microsoft partners to empower their customers by eliminating the traditional complexities associated with on-premises NAC.

“This Microsoft Gold Cloud Platform competency showcases our expertise in and commitment to today’s technology market and demonstrates our deep knowledge of Microsoft’s products and services,” said Ofer Amitai, CEO at Portnox. “We plan to accelerate our customers’ success by serving as technology advisors for their business demands.”

“By achieving a Gold competency, partners have demonstrated the highest, most consistent capability and commitment to the latest Microsoft technology,” said Gavriella Schuster, corporate vice president, One Commercial Partner (OCP) at Microsoft Corp. “These partners have a deep expertise that puts them in the top of our partner ecosystem, and their proficiency will help customers drive innovative solutions.”

Cloud Platform

The Cloud Platform competency is designed for partners to capitalize on the growing demand for infrastructure and software-as-a-service (SaaS) solutions built on Microsoft Azure. Differentiate your company with the Cloud Platform competency, and you will be eligible for Signature Cloud Support, Azure deployment planning services, Azure sponsored credit, direct partner support, eligibility to deploy certain on-premises, internal use software on Microsoft Azure, and access to the cloud platform roadmap.

The Microsoft Partner Network helps partners strengthen their capabilities to showcase leadership in the marketplace on the latest technology, to better serve customers and to easily connect with one of the most active, diverse networks in the world.

Author Michael Marvin


About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.