DeceptiveBytes

1.2K posts

@DeceptiveBytes

#ActiveEndpointPrevention - distort ransomware perception to prevent attacks 6 months before they begin - Never Let Your Business Down!😎

Israel. Joined April 2016
218 Following, 242 Followers
DeceptiveBytes@DeceptiveBytes·
🚀 Last week, our very own Hen Lamay proudly represented Deceptive Bytes at Synergy7’s “No Deal” event - a gathering of Israel’s top cybersecurity professionals, focused on the relentless fight against ransomware.

Deceptive Bytes stops ransomware in its tracks - proactively, not reactively:
✅ Before recovery efforts even begin
✅ Before the ransom note appears
✅ Before a single file is encrypted
✅ Before any data is stolen or exfiltrated
✅ Even 6 months before the attack is launched

💡 Prevention is the ultimate protection. Stop ransomware before ransomware stops your business.

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveRansomwarePrevention #CyberProtection #RansomwareProtection #RansomwarePrevention #infosec #cybersecurity #informationsecurity #secops
DeceptiveBytes@DeceptiveBytes·
BlackSuit #ransomware extortion sites seized in #OperationCheckmate

While these headlines are always encouraging, it is a drop in the sea of malicious activities being dismantled by law enforcement agencies around the world. This means that organizations can't sit around and wait for LEA to stop threat actors, they need to stay proactive by investing in building their ransomware prevention capabilities sooner rather than later!

Learn how to prevent ransomware 6 months before the attack even begins, contact us directly 📨

Read more about the seized sites here ⬇️ bleepingcomputer.com/news/security/…

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveRansomwarePrevention #CyberProtection #RansomwareProtection #RansomwarePrevention #infosec #cybersecurity #informationsecurity #secops
DeceptiveBytes@DeceptiveBytes·
🚀 Exciting News from Deceptive Bytes! 🚀 We’re thrilled to unveil our fresh new branding and enhanced offerings! While our core technology—trusted by organizations worldwide—remains as robust as ever, our new look and expanded solutions reflect our commitment to innovation and resilience in cybersecurity. This launch marks a new chapter for Deceptive Bytes, empowering businesses to stay ahead of evolving threats with confidence and clarity. Thank you to our partners, clients, and team for being part of this journey. Stay tuned for more updates as we continue to shape the future of cyber defense! deceptivebytes.com #DeceptiveBytes #NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointProtection #CyberProtection #RansomwareProtection #infosec #cybersecurity #informationsecurity #secops
DeceptiveBytes@DeceptiveBytes·
Getting a ransomware note doesn't mean the attack has started. It began 6 months ago with a minor alert that was cleaned by automation or was ignored in the midst of more important alerts that were triaged and handled by the security team.

What are the questions that come into your mind ⁉️ We have a few:
* How long was the malware present in the organization?
* How much data did it steal?
* How will it affect the organization?
* How long will it take to recover from this?

Using proactive & preemptive solutions can minimize the attack surface, break the ransomware logic and prevent the attack 6 months before it can even begin 🛡️

To learn more about preventing ransomware before *any* damage is done, contact our team 📨

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops
DeceptiveBytes@DeceptiveBytes·
This was no April Fools' joke: "65% of the 100 largest US hospitals and health systems have had a recent #databreach"

Well, this is very alarming, a new study finds that leading U.S. healthcare institutions are failing to protect sensitive medical information, with most institutions ranking very low on security metrics.

🔑 Key findings:
- 79% of institutions received a D or lower score on their cybersecurity rating.
- 30% of institutions were found to have critical vulnerabilities in their computer systems.
- Another 42% have high-risk vulnerabilities.
- Only 5% of institutions received an A (low risk) rating.

🚨 Common security weaknesses:
- All institutions (100%) have issues with SSL/TLS communication security.
- 82% of institutions found vulnerabilities in servers and computing infrastructure.
- Employee login information was leaked at 77% of institutions.
- 27% of institutions are vulnerable to predictions in email systems.
- 17% of employees use passwords that have been previously exposed in data leaks.

📃 What are the takes from this study:
1. Cyber security should get more attention both by stakeholders and users.
2. Computer infrastructure should be improved to accommodate better security controls to prevent data breaches, adding the right tools can make a significant impact.
3. MFA/2FA should be implemented across the board.
4. Security teams should enforce changing compromised passwords for users.
5. Users should be better educated about security risks and cyber hygiene.

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops cybernews.com/security/us-ho…
DeceptiveBytes@DeceptiveBytes·
Thanks to a worldwide outage by one of the leading #EDR vendors in the market, Microsoft is now testing a new capability to remotely fix boot crashes.

What happened? When the EDR vendor updated one of their kernel based modules, it caused #BSOD and rendered millions of endpoints useless. This required their customers & partners to manually fix each endpoint from the bad update.

What's new? Microsoft has started rolling out a test version of a new tool that would help automate this manual work into remote boot fixing in case such an event happens again. Organizations utilizing Windows 11 Pro/Enterprise will be able to configure this capability using RemoteRemediation CSP.

But the underlying issue remains the same, when a bad update happens again to kernel based security solutions, it will require deleting the update and remaining vulnerable to the attacks they were supposed to mitigate!

To stay protected without relying on just kernel based solution, Deceptive Bytes developed its #ActiveEndpointDeception in user mode so you'll #NeverLetYourBusinessDown. This also makes the solution very lightweight in addition to being very effective against various threats 🛡️

#DistortRansomwarePerception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/microsoft…
DeceptiveBytes@DeceptiveBytes·
UK fines software provider £3.07 million for 2022 #ransomware breach

"The UK Information Commissioner's Office (ICO) has issued a £3.07 million fine on Advanced Computer Software Group Ltd for a 2022 ransomware attack that exposed the sensitive personal data of 79,404 people, including National Health Service (NHS) patients."

What are some key takes from this incident?
1. MSPs are not immune to faults, it's always good to have 3rd party assessments in case sensitive information is processed or managed.
2. Regulations help reduce potential attacks or fines in case of a successful one. Though it has its burdens, making sure that all the checks are ticked makes sure the organization is covered in various scenarios.
3. Setting up basic security measures is a must. If Advanced had tested their security or made sure that proper security measures (like MFA/2FA) were in place across all their environments & tools, it could have prevented the attack or at least made it harder to penetrate their defenses.
4. Unlike previous incidents, it's the first time a fine is imposed on a data processor, which means they should also take the same measures to secure their environments as data controllers.

Hopefully, such incidents are lessons learned for other organizations to increase security and make sure that they're aware of the potential of mishandling private information.

To help prevent the next Lockbit attack, or any other ransomware, Deceptive Bytes stands on guard to secure your environment 🛡️ Contact us for more information 📨

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
Pennsylvania education union #databreach hit 500,000 people

How long does it take to investigate a data breach? It seems that in this case it took from July 6th till February 18th, which is approximately 227 days to fully understand how the breach has occurred, recover from it and notify various stakeholders about it.

Do organizations even have the time, money and resources to deal with just 1 incident for 227 days?

When it comes to such ransomware attacks, preventative solutions are not only a good thing to have in your arsenal, but a must! Ransomware prevention is a key to keep business continuity, ensure no data is exfiltrated and allow the organization to focus on their employees and customers.

To learn how to prevent the next ransomware attack, so you'll never let your business down, contact us 📨

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
Some good news to start off the week: New Akira #ransomware decryptor cracks encryptions keys using GPUs

"Security researcher Yohanes Nugroho has released a decryptor for the Linux variant of Akira ransomware, which utilizes GPU power to retrieve the decryption key and unlock files for free."

Yes, it's one of many bad actors to overcome but at least anyone affected by Akira can try to recover his environment without paying a hefty price to recover and help fund the next victim.

This shows how important research is in the world of cyber security; this is how we find ways to overcome various threats and this is how we find such tools to get our data back!

There are other tools you can find here nomoreransom.org/en/index.html

If you want to learn about cutting edge research in cyber security and how to prevent the next ransomware attack, contact us directly! 📨

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
Another novel way for threat actors to circumvent security measures: Ransomware gang encrypted network from a webcam to bypass EDR

5 years ago, Ragnar ransomware used the same concept by creating a Windows XP based VM to encrypt shared network drives, but using an unsecure webcam is an evil-genius approach.

To limit the effect of such attacks, here are a few tips we gathered:
1. Limit access to IoT devices to the network, no need for cameras to access desktop devices besides the security of the organization.
2. Segment networks to be as small as possible, ransomware can be effective if it reached more than 50% of the organization and stolen/encrypted any valuable data.
3. Monitor suspicious activity from across networks and devices, if someone/something accessed/queried about different devices, PCs or servers it shouldn't have, maybe extra precaution is needed!
4. Limit shares, block creating new ones and delete default shares on Windows based machines which can be used for such attacks.
5. Limit remote access to internal assets in the organization. Use a VPN, MFA and other security measures to increase the overall security when connected remotely.
6. Block unused ports and change default ports where possible so threat actors won't be able to easily use different tools that are used as part of these attacks.

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
Let's get things straight, identifying the attack as it happens or shortly after is considered detection, if you stop it before anything happens, it's prevention. Plain and simple! 🛡️

When it comes to the security of your organization, don't settle for detection, prevent ransomware before it becomes a full-fledged attack!

To learn how to prevent malware in the pre-execution phase of the attack, contact us directly 📨

#ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops
DeceptiveBytes@DeceptiveBytes·
Who doesn't like a good #BYOVD attack? #Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

"You can check if the blocklist is enabled by going to Settings → Privacy & security → Windows Security → Device security → Core isolation → Microsoft Vulnerable Driver Blocklist and making sure the setting is enabled."

Don't let vulnerable drivers ruin your operations, organizations can enable this feature via GPO or other tools that control Windows security features.

Why are BYOVD attacks increasing?
1. Some drivers used in these attacks are signed by Microsoft
2. They operate in the lowest level of the OS (kernel-mode), providing full access to the endpoint
3. They go under the radar of traditional security tools, including EDRs and EPPs

* Stay vigilant for these vulnerabilities and patch/block these threats as soon as you encounter them
* Beef up security and enable features that block such attacks
* Follow the news and/or security resources that disclose such vulnerabilities as soon as they're discovered!

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
This is the reason you have to invest in #cybersecurity solutions and professionals like you invest in insurance for your business: Southern Water says #BlackBasta #ransomware attack cost £4.5M (~$5.7M) in expenses

Even if Southern Water paid the alleged $1M to Black Basta to remove their leaked data, it also means they paid ~$4.7M to recover from this incident!

📃 Do a regular cyber assessment to see where your blind spots are, tighten your security accordingly
🚨 Plan for worst-case scenarios, a good plan is better than no plan
🛠️ Backup your environment in an offline manner, recovery could be faster and easier
🦸 Invest in security personnel or managed services to close the talent gaps in your organization
ℹ️ Add cyber insurance to your organization, activate upon successful attack.. it's not just to tick the box, your insurance can help with IR, negotiation and other aspects of the incident

Cyber security is not just another line in your 2025 budget, it's a necessity to keep business continuity and prevent such cases. Let's join forces and prevent the next cyber-attack! 🛡️

#NeverLetYourBusinessDown #DistortRansomwarePerception #ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
US #healthcare org pays $11M settlement over alleged #cybersecurity lapses

HNFS has failed to take the following measures:
🖨️ Scan for n-day vulnerabilities in its systems and apply fixes in a timely manner.
📃 Consider the findings of auditing reports highlighting cybersecurity risks and take action to remediate them.
🔥🧱 Implement industry-standard assets management, access controls, firewall protections, and patch management.
🚫 Avoid using outdated hardware and software.
👥 Follow strong account password policies.

Sometimes even the simplest steps can make a difference especially to organizations' pockets. Regulations are used to cover the basics when it comes to cybersecurity protection but the need for more advanced solutions is still out there.

Contact us and discover how you can implement more than the basic industry standard when it comes to your endpoint protection, so you'll never let your business down! 🛡️📨

#ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
#CISA and #FBI: Ghost #ransomware breached orgs in 70 countries

It is mind-boggling to see the effect of one ransomware gang, wreaking havoc in 70 countries and its ability to continue exploiting vulnerabilities that were already addressed.

Here are a few tips from the article:

"To defend against Ghost ransomware attacks, network defenders are advised to take the following measures:
1. Make regular and off-site system backups that can't be encrypted by ransomware,
2. Patch operating system, software, and firmware vulnerabilities as soon as possible,
3. Focus on security flaws targeted by Ghost ransomware (i.e., CVE-2018-13379, CVE-2010-2861, CVE-2009-3960, CVE-2021-34473, CVE-2021-34523, CVE-2021-31207),
4. Segment networks to limit lateral movement from infected devices
5. Enforce phishing-resistant multi-factor authentication (MFA) for all privileged accounts and email services accounts."

These are all things that we mentioned in the past that will make your environment a bit more resilient to ransomware attacks but won't completely protect against them.

It is vital for organizations to increase security measures on all fronts (network, gateway, cloud and most importantly, endpoints), have contingency plans in case of various attack scenarios and keep a defense-in-depth mindset to be able to stay truly resilient.

#ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…
DeceptiveBytes@DeceptiveBytes·
#MissionBank Files Notice of #DataBreach with California Attorney General

Banks that get hit by #ransomware and data breaches can get a great deal of financial loss, by the bank and by its customers who can fall victim to threat actors as well.

The bank notified all stakeholders and customers, which is the right thing to do. They should also avoid paying any ransom and make sure to assist any of their customers avoid any downfall by this attack. Similar to the suggestions in the linked article: databreachclassaction.io/blog/guide-for…

How can banks and other financial entities better secure their assets?
👥 Employee training on cyber hygiene is essential to keep them updated on latest threats.
🛜 Keep the network segmented and accessed only by authorized personnel.
📲 Harden the environment with MFA/2FA to minimize capabilities of threat actors to access anything with compromised passwords.
🛡️ Improve cyber resilience by implementing defense-in-depth strategies and multi-layered approach, especially on the endpoints, which are the most vulnerable aspect of the organization's environment.
📨 Contact Deceptive Bytes to help in ransomware prevention using our patented prevention technology

#ActiveEndpointDeception #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops jdsupra.com/legalnews/miss…
DeceptiveBytes@DeceptiveBytes·
🎄✨ Merry Christmas from Deceptive Bytes! ✨🎄 As you celebrate this joyous season, we want to thank our valued customers, partners, and community for your trust and support throughout the year. Your collaboration drives us to innovate and deliver among the best in endpoint security, keeping your world safe and connected. This Christmas, we wish you and your loved ones peace, happiness, and a cyber-safe holiday season. May 2025 bring even greater success and stronger partnerships! 🎅🎊 #MerryChristmas and a Happy New Year! 🎊🎅 #MerryXmas #HappyNewYear #HappyHolidays
DeceptiveBytes@DeceptiveBytes·
⚠️ Your Linux environment needs attention! ⚠️ New stealthy Pumakit Linux #rootkit #malware spotted in the wild The malware is a multi-component set that includes a dropper, memory-resident executables, a kernel module rootkit, and a shared object (SO) userland rootkit. ☑️ Payload dropper ✅ Privilege Escalation ☑️ System hiding ✅ Persistency ☑️ In memory attacks ✅ Rootkits ☑️ Code injection and system calls interception ✅✅✅ System behavior manipulation All of these tactics are designed to bypass any ability for your security tools to discover the threat quickly and mitigate it. This helps threat actors to gain a footprint in the environment fast while staying stealthy. It's not only imperative to detect such behaviors but to prevent them before attackers gain unlimited access to the environment, this is where preemptive cyber defense kicks in and stops threats before they become full-fledged attacks. Even in Linux environments, Deceptive Bytes' #ActiveEndpointDeception creates a dynamic and deceptive environment where malware can't operate, rendering such attacks useless in seconds. To learn how to stop stealthy and evasive malware, contact us 📨 #EndpointDeception #ActiveDeception #PreventionByDeception #Deception #DeceptionTechnology #CyberDeception #infosec #cybersecurity #informationsecurity #secops bleepingcomputer.com/news/security/…