Study: Malware and Exploit Activity are Up More than 57%
Nuspire, a Michigan-based MSSP, has released its latest Threat Landscape Report. Sourced from 90 billion traffic logs, the report outlines new cybercriminal activity and tactics, techniques and procedures.
In addition to increasingly sophisticated and frequent attacks, the Nuspire team observed a massive spike in malware with Visual Basic for Applications (VBA) agent activity, which overshadowed all other malware variants identified throughout the year. The report also found a consistent increase in exploitation events through 2020, with an overall growth of 116% as attackers continued to leverage newly disclosed vulnerabilities.
“The SolarWinds attack shook the cybersecurity community to its core and should serve as a reminder to organizations small or large that security must be a priority within every aspect of the business,” said Chief Strategy Product Officer John Ayers. “As attack techniques continue to evolve and the frequency of attacks increases, it’s critical for business success to understand the changing threat landscape and how to protect themselves from cyberthreats.”
The report shows a 10,000% increase in ransomware activity—the largest spike in activity that the company has observed to date. Ransomware operators targeted some of the most vulnerable moments in time, including the U.S. Presidential Election and the holidays, and continued to leverage year-long themes, such as the COVID-19 pandemic. Additionally, exploit attacks saw a whopping 68% increase this quarter as a result of numerous SMB brute force login attempts; activity spiked over 90,000% in bursts throughout the quarter.
Although malware activity was on a slow decline at the beginning of 2020, activity sharply increased in Q4, reaching its highest point through the year in September. VBA Trojans were the most commonly observed malware at 95%, suggesting either numerous malspam campaigns were launched or a large-scale one was instigated by unknown operators. Nuspire expects that VBA agent activity will continue to overshadow other variants, as VBA agents are often the first stage of infection.
Throughout 2020, Nuspire observed a consistent increase of exploitation events with DoublePulsar reigning as the top utilized technique. However, Q4 saw the largest volume of activity in December with SMB Login Brute Force attempts, closely followed by HTTP Server Authorization Buffer Overflow attacks. Botnet and Exploit activity remained fairly consistent throughout the year.
Nuspire’s Threat Report provides data and insight into malware, exploit and botnet activity throughout 2020, including the largest spike in ransomware activity seen to date in Q4. The results underscore the opportunity for both MSSPs and channel partners.
Palo Alto Networks Launches NextWave 3.0 Partner Program
Palo Alto Networks has rolled out a set of significant enhancements, incentives and training to its NextWave Partner Program, commensurate with updates to its integrated platform of cloud, network and AI-driven threat protection products.
The updated program includes three new specializations: Prisma SASE (Prisma Access and Prisma SD-WAN, formerly CloudGenix), Prisma Cloud and Cortex XDR/XSOAR. These new specializations include corresponding partner training and certifications. Palo Alto Networks also promises to expand existing deal referral incentives on all products, extending partner-delivered support across more technologies and offering new education credits.
NextWave partners can now resell Prisma Cloud via a two-tier go-to-market strategy.
The update also includes a host of new enablement resources and ways for partners to earn or maintain NextWave status, expanding Certified Professional Services certification to include the new specializations, Technology Education credits and technology adoption discounts.
“The future of our business and that of our partners are fundamentally linked,” said Karl Soderlund, the company’s senior vice president of Worldwide Channels. “The NextWave partner of tomorrow will enable digital transformation for our customers by embracing new technology, offering product-specific expertise, and leading with services.”
Palo Alto Networks' NextWave partner program includes approximately 6,500 partners serving 80,000 customers around the world.
Designed to help partners leverage all of Palo Alto Networks technologies, NextWave 3.0 is intended to help partners differentiate their services, build new security expertise and grow profitable businesses as they meet customers’ needs in a dynamic security market.
Devo Technology Unveils New Global Partner Program
Devo Technology, a Cambridge, Massachusetts-based cloud-native security analytics company, has unveiled the Devo Drive partner program for resellers, MSSPs, and global systems integrators. The overall value proposition is focused on data logging and security information and event management (SIEM) solutions.
The Devo Drive partner program consists of three tiers—Silver, Gold and Platinum. The program offers competitive partner discounts and margins and protected deal registration. Partner onboarding includes enablement, sales training, technical training, and joint marketing, as well as pre-sales support from Devo solutions architects to help ensure customer success.
“Devo Drive enables partners to leverage the benefits of the industry’s premier platform for security operations and quickly maximize customer value,” said Gary Pelczar, vice president of business development at Devo. “Devo is gaining tremendous traction in the market as enterprises move beyond the constraints of legacy SIEMs that have long restricted their performance and ability to scale.”
Devo’s cloud-based SIEM provides cost control through its SaaS-based pricing model, which charges based on data usage, calculated as a monthly average.
The pace of digital transformation, accelerated further by the challenges of the pandemic, requires greater levels of automation and advanced analytics for enterprises to counter an ever-expanding threat landscape. This program targets partners looking to augment their security portfolio with SIEM solutions.