Identify, anticipate and respond to any possible computer threat. This is in 2023 one of the great priorities that the ICT departments of companies have. This, in a context in which threats are increasingly sophisticated, varied and persistent, in turn requires a rapid and coordinated response by organizations.

Adding to this situation is the fact that many companies face a lack of resources, tools and visibility to detect and respond to incidents effectively. To respond to these challenges, in recent years the use of the XDR technology (eXtended Detection and Response) which, according to Gartner, is a vendor-specific threat detection and incident response tool that unifies multiple security products (including a minimum of three) into one security operations system. Thanks to this integration of different data sources and security products, company security managers can have a holistic view of their ICT infrastructure, correlate alerts and automate corrective actions.

In this area, WatchGuard has just announced the launch of ThreatSync, a complete XDR solutionwhich is included as part of the company’s Unified Security Platform® architecture and extends this technology to product families WatchGuard Network and Endpoint Security.

As explained by the company, WatchGuard ThreatSync equips organizations with XDR capabilities to centralize detections between products and orchestrate automated response to threats from a single control panel. This enables cybersecurity to be simplified while improving visibility and response to threats across the organization faster, reducing risk and cost, and delivering greater accuracy.

On the other hand, for MSPs and partners, XDR reduces the staffing burden by enabling teams to share knowledge from a single security platform. At the same time, XDR increases protection and improves results by combining different security layers. In three steps, Watchguard offers:

• Unified Threat Visibility: ThreatSync increases accuracy and speeds detection by automatically unifying threat data from across the entire WatchGuard security stack into a single interface, with a UX geared toward incident responders.
• Unified threat detection: ThreatSync provides extended detection capabilities by correlating data from different layers of protection in the security stack that indicate the presence of threat actors.
• Unified Threat Response Orchestration: When security experts and IT administrators have the information they need, it’s easy to respond quickly, even if the device isn’t physically available.

Finally, it’s worth noting that ThreatSync is a WatchGuard unified security feature included by default with any Firebox Total Security Suite (TSS) subscription and WatchGuard EDR and EPDR products. The more WatchGuard products you have, the more visibility and expanded XDR features you have access to.

To learn more about what’s new from WatchGuard and its strategy to help companies have more visibility on all kinds of threats, we recommend that you don’t miss the participation of Guillermo Fernández (Iberia Sales Engineer Manager of WatchGuard) on March 22. at the round table “New challenges in security of the hybrid workplace” to be held within the framework of the ASLAN fair at the Palacio de Congreso in Madrid. In addition, that same day, you can also attend a presentation by Juan Manuel Castaño (Sales Engineer for the South of Iberia at WatchGuard): “XDR: new term for a well-known concept.” Also, you can visit the booth 44 of the company at the event.

After the announcement of the bankruptcy of Silicon Valley Bank (SVB) on March 10 and the absolute control of its administration by the California bank supervisory body, the alarms have not stopped going off. Some for fear of other financial entities to be in a similar situation, because it is the second largest US bank failure since 1970and others because hackers used this situation to attack.

In the prestigious list of ‘Forbes’ magazine on February 14, the 50 best banks in the US were published, with Silicon Valley Bank occupying the rank number 20. It must be taken into account that there are 4,213 banks in the country, which gave it a preferential position.

But the problems worsened for the financial entity, and taking advantage of the fears of insecurity that the crisis has aroused in one of the largest US lenders, hackers have begun to attack cryptocurrency-related phishing attacksspecifically with the USD Coin (USDC)a price-stable digital currency pegged to the USD.

The keys to cyberattack

Following this, proof point has determined, through a rigorous study, that the bankruptcy of SVB goes hand in hand with a unprecedented phishing attack. Scammers have sent messages posing as brands in the crypto world to claim their coins or exchange them for US dollars. These actions began after Circlethe company behind the USDC cryptocurrency, announced that it had cash reserves in SVB.

Now the hackers started using a lure that promised the victim to exchange their USDC for dollars. at a ratio of 1:1 and then induce the victim to install a Smart Contract to transfer the contents of your wallet to the attacker.

Undoubtedly, cybercriminals have taken advantage of the emotions and fear that exists among users to exploit vulnerabilities. For this reason, Proofpoint urges those who handle information or financial transactions to be cautious in the face of any suspicious messages they receive.

The keys to bankruptcy

After the great financial crisis of 2008, that of Silicon Valley Bank may end up affecting thousands of citizens and companies. In fact, the Federal Reserve, the Treasury Department and the US regulatory body have announced that they will intervene so that the bank can guarantee the payment of all your deposits and that the problem spread to the entire financial fabric.

For now, the ‘domino effect’ has ended up hurting other banks such as SignatureBank of New York and the Silvergate Bank, two companies characterized by granting loans to cryptocurrency companies. To this we must add that the bankruptcy of the SVB has caused the bank of england has sold the UK subsidiary to HSBC bank in exchange for a pound sterling.

The problem of the SVB comes from the fact that the entity has always been characterized by financing emerging companies in the technological field, it was a start-up bank. The loan-to-deposit ratio was very low and all the excess was invested in Treasury bonds and government debt at a time when interest rates were very low and the value of the bond was very high.

However, the rise in interest rates, the fear of a recession and the slowdown in the market have made it difficult for the financial institution to operate. announced the sale of 21,000 million dollars in securities, with a loss of 1,800 million and a plan to raise 2,250 million in capital. His idea was sell 1.250 million dollars in ordinary shares and others 500 million in preferred shares, in turn sealing an agreement with the fund General Atlantic and sell another $500 million in common stock. By withdrawing their funds, start-up owners its shares fell on the stock market by 60%.

On March 10, the Federal Deposit Guarantee Corporation (FDIC) took control of all SVB deposits, covering them up to $250,000, as required by law. The problem is that the funds in the SVB are larger, since they belong to large technological start-ups and 95% of these were uninsured.

The FDIC will pay uninsured depositors an early dividend with a certificate of judicial administration that collects the remaining amount, resorting to a systematic risk exception.

GoDaddythe Internet domain registrar and web hosting company, has recently released a new report (10-K required annual report) on its balance sheet for the year 2022 and leaves a series of revealing data.

The most striking is that he confirms having suffered, for several years, that a group of attackers stole the company source code and login credentials of customers and install a malicious malware. In this way, a significant commitment to cybersecurity would have been enshrined.

His vulnerability was exposed to the United States Securities and Exchange Commissionexpressing that since the outbreak of the pandemic the company had perceived a considerable increase in cyberattacks on its customers. According to internal investigations, it could be a same sophisticated group capable of obtaining, through specific malware, code fragments related to some services within GoDaddy.

On this occasion, the last attack consisted of a url forwarding, which is defined as a flawless feature of HTTP (the hypertext transfer protocol). The goal is to change the company’s primary domain name but keep all the old links alive.

the origin of everything

In March 2020, the unknown threat actor made GoDaddy its target of choice. He managed to obtain access codes to employee and hosting accounts from some 28,000 clients approximately. It’s true that at the time they were unable to access the customers’ main GoDaddy account, but it was a major red flag for the entire internal business structure. In fact, the Federal Trade Commission issued the infringement statement between July 2020 and October 2021.

On November 22, 2021, GoDaddy detected a new incident from the same group of cybercriminals, which was announced on the 22nd of that month. On that occasion, the hackers obtained a password that gave him access to the source code of the WordPress service managed by the company.

Since September of that same year, the unauthorized party used the access to get login credentials for WordPress admin accounts, FTP accounts, and email addresses for 1.2 million Managed WordPress customers.

The last attack, in December

hosting servers cPanel, used by customers to manage websites hosted by GoDaddy, received malware that redirected the websites of several of their customers to random sites. Everything was done through phishing campaigns, malware distribution and other malicious activities.

Although the largest cyberattacks began in 2020, isolated episodes of security flaws and vulnerabilities that have put GoDaddy-hosted sites in jeopardy have occurred years ago.

that was how in 2019 a misconfigured domain name system service at GoDaddy allowed hackers to hijack dozens of websites owned by Yelp, Mozilla, Expedia and others, using them to post a ransom note threatening to attack several buildings and schools.

Similarly, that same year, an investigation found that hundreds of customer accounts had been blocked to create 15,000 websites dedicated to posting *text muted* in charge of promoting weight loss products and miracle diets.

It is curious as a company of the size of GoDaddy, one of the largest domain registrars in the world, with almost 21 million customers and an income of almost four billion euros in 2022you can have security systems so vulnerable to access by hackers.

However, the company has publicly apologized and has assured through an official statement: “We are using the lessons of this incident to improve the security of our systems and further protect our customers and their data.”