Intelligent CISO Issue 29 | Page 7

News

Lazarus employs multi-platform malware framework in series of attacks

Kaspersky researchers have uncovered a series of attacks which use an advanced malware framework, called MATA, to target the Windows, Linux and macOS operating systems. In use since spring 2018, the framework is linked to Lazarus – a well-known and prolific North Korean APT group.

Malicious toolsets built to target multiple platforms are a rare breed, as they require significant investment from the developer. They are often deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time. In the cases discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS – indicating that the attackers planned to use it for multiple purposes.

The framework consists of several components, such as a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins. According to Kaspersky researchers, the first artefacts relating to MATA were used in or around April 2018. Since then, the actor behind this advanced malware framework has taken an aggressive approach to infiltrating corporate entities around the world. It has been used in a number of attacks aimed at stealing customer databases and distributing ransomware – software designed to block access to a computer system until a sum of money is paid.

LOGRHYTHM RELEASES VERSION 7.5 OF NEXTGEN SIEM PLATFORM AND NEW OPEN COLLECTOR TECHNOLOGY

LogRhythm, a company powering today's Security Operations Centres (SOCs), has announced the launch of version 7.5 of the LogRhythm NextGen SIEM Platform as well as the inaugural release of its Open Collector technology. LogRhythm 7.5 provides enhanced analyst workflow experiences and visibility, while Open Collector simplifies the process of onboarding cloud data sources for more holistic monitoring.

"Organisations produce more data today than ever before, so security teams need comprehensive visibility across their environment," said Sue Buck, Chief Technology Officer of LogRhythm. "But we also don't want the amount of data needed for full visibility to ultimately overwhelm analysts. With LogRhythm 7.5, we're making it even simpler and faster for analysts to get the precise information they need to remediate suspicious or threatening activity."

LogRhythm 7.5 and Open Collector make it faster and easier for security analysts to detect and mitigate threats – no matter their level of experience.

"Businesses continue to accelerate their Digital Transformations and adoption of cloud services; with that comes an ever-increasing urgency to maintain visibility across hybrid and cloud-native environments," said Rust Carter, Chief Product Officer of LogRhythm. "Our advancements with Open Collector exemplify our continued focus on delivering analytics and orchestration that simplify management of the organisation's security posture – especially as it tackles these challenges."