CodeHunter has recently launched its integration with SentinelOne to provide customers with automated detection and analysis of advanced unknown malware threats.
While it is crucial to err on the side of caution, the prevalence of false positives can have significant ramifications for cybersecurity teams and overall organizational efficiency. A false positive occurs when a security system incorrectly identifies benign activity as malicious. A cybersecurity system like an Endpoint Detection and Response (EDR) platform or a Secure Email Gateway (SEG) flags an activity as a potential threat based on predefined rules, patterns, and algorithms. Due to the ever-changing and complex nature of cyber threats these rules and patterns are not foolproof. Many rely upon an updated catalog of known threats, leaving security teams dependent on information outside of their control. The National Vulnerability Database, for example, is so inundated with new threats that 75% of vulnerabilities submitted in 2024 have yet to be processed.
Resource Drain – Investigating false positives requires time and effort. Security teams often need to manually inspect and validate each alert, a time-consuming process. This diverts resources away from investigating genuine threats and proactive security measures.
Alert Fatigue – When security personnel are bombarded with false positives, they may become desensitized to alerts. This alert fatigue can cause legitimate vulnerabilities to be missed due to the sheer volume of flagged files to process.
Operational Disruption – Frequent false positives can lead to unnecessary disruptions in business operations. For example, when a legitimate file is flagged as suspicious business productivity slows as the security team works through the more recent alerts before realizing there is no real cause for suspicion.
Reduced Trust in Security Systems – Over time, a high rate of false positives can erode trust in cybersecurity systems. Security personnel might start to ignore alerts, assuming they are false, undermining the effectiveness of their organization’s security infrastructure.
Several factors contribute to the prevalence of false positives:
Overly Sensitive Detection Rules – Security systems with highly sensitive detection rules are more likely to flag benign activities as threats. While this sensitivity can help in detecting new or evolving threats, it also contributes to a greater alert workload.
Lack of Context – Many security systems operate without the full context of user behavior and organizational norms. Without this context, distinguishing between normal and abnormal file behavior becomes challenging.
Evolving Threat Landscape – The constantly changing nature of cyber threats means that detection rules need to be continuously updated. Maintaining this pace can be difficult, leading to outdated rules that misclassify activities.
Addressing the issue of false positives requires a multi-faceted approach:
1. Improving Detection Algorithms: Advanced machine learning and artificial intelligence can enhance the accuracy of threat detection systems. By learning from historical data and contextual information, these systems can better differentiate between legitimate and malicious activities.
2. Tiered Alerting Systems: Implementing a tiered alerting system can help prioritize alerts based on their severity and likelihood of being true positives. This approach allows security teams to focus their efforts on the most critical alerts first.
3. Regular Updates and Tuning: Continuously updating and tuning detection rules based on the latest threat intelligence can help minimize false positives. Security teams should routinely review and refine these rules to adapt to the evolving threat landscape.
ISC2 notes that only 52% of cybersecurity professionals believe that their organization has the tools and people needed to respond to cyber incidents over the next 2 to 3 years. That’s not good news for security teams already struggling to keep up with the daily warnings generated. So, what can be done to make the influx of alerts more manageable?
It’s no secret that having an active cybersecurity defense system is necessary to protect organizations from rampant cyber threats. Platforms like SentinelOne scan company environments at scale, running pattern-matching algorithms with rules informed by publicly known threats, threat actors, and their tendencies. Unfortunately, this abundance of caution comes with an abundance of alerts, far more than the typical security team can handle. That’s where CodeHunter comes in. CodeHunter’s threat hunting engine automatically analyzes flagged files at scale and at speed, producing actionable intelligence in a fraction of the time it takes to manually reverse engineer malware. CodeHunter’s SentinelOne integration relieves security teams of the burden of investigating every warning to the fullest, supplying in-depth analysis to support timely response and remediation processes. Because CodeHunter doesn’t rely on pattern matching to identify malware, it properly assesses alerts raised by other systems to determine if the behavior is actually suspicious or just a false positive caught by an overly sensitive algorithm.
Learn how CodeHunter can maximize your SentinelOne investment by minimizing false positives here.
In today’s digital age, cybersecurity has become paramount for organizations of all sizes. The demand for cybersecurity professionals has surged dramatically due to the growing number and complexity of cyberattacks. But supply has not met demand, as cybersecurity is not a widely popular education choice and is commonly one of the most dropped majors in college. In 2023 there were roughly 4 million cybersecurity professionals needed worldwide. The profession needs to almost double to be at full capacity.
In the ever-evolving landscape of cybersecurity threats, phishing is one of the most pervasive- and successful- attack vectors. This technique preys on human fallibilities rather than exploiting technical vulnerabilities, making it particularly challenging to defend against. According to IBM social engineering, the use of deceptive techniques to trick individuals into divulging sensitive information, accounts for 29% of breaches.
In today’s digital age, the idea of achieving absolute cybersecurity might seem like the Holy Grail. Businesses pour millions into advanced security systems, train employees rigorously, and implement best practices to shield themselves from cyber threats. Yet, the harsh reality persists, cybersecurity breaches are inevitable. Instead of clinging to a zero-tolerance mindset, organizations must pivot towards a strategy focused on resilience and damage control. When a breach happens, and it will, an organization’s ability to restore their mission critical systems and maintain business continuity will be critical to its success.
A recent study reveals that widely available AI agents had an 87% success rate at exploiting zero day vulnerabilities. Researchers from the University of Illinois Urbana-Champaign unleashed Open AI’s latest GPT-4 on a database containing zero day vulnerabilities without existing patches or bug fixes. While the majority of open-source scanners could not even detect the vulnerabilities, the advanced chatbot was able to autonomously exploit the flaws armed only with a basic description of their characteristics. The necessary information includes the Common Vulnerabilities and Exposures (CVE) description of the flaw, as well as additional information provided through embedded links.
Zero-day malware is called such because it takes advantage of zero-day vulnerabilities, which are newly discovered flaws that have yet to be patched. The time when the vulnerability is discovered is referred to as “Day 0”. These vulnerabilities provide cyber attackers with a window of opportunity to launch their attacks, often catching victims- and their security systems- off guard. In the time that it takes for a patch to be deployed across an entire enterprise malware can already be siphoning critical information from your system.
The probability of falling victim to an advanced malware attack, including zero-day exploits, multi-part malware, and custom attacks continues to rise. Cybercriminals persist, finding new ways to find their way into “secured” corporate networks, and tools like malware-as-a-service have made it easy to launch sophisticated attacks for even the most novice of threat artists. For organizations to stay ahead of a breach, a multi-layered cybersecurity practice that combines a robust defense-in-depth strategy with cutting-edge technologies like automated threat detection and reverse engineering malware analysis is critical. Read more
Malware-as-a-service (MaaS) poses a serious threat to enterprise organizations. MaaS functions much like any other software-as-a-service you may be familiar with, and in some cases even comes with technical support. Hackers develop complex malware systems that can be easily purchased by even the most novice of cybercriminals, who can then launch sophisticated attacks against individuals and businesses. Malware-as-a-service democratizes cybercrime, providing any run-of-the-mill criminal with the expertise of an experienced hacker, drastically increasing the average strength and sophistication of a malware attack. Read more
The cybersecurity industry is booming with job openings, but organizations don’t have the talent to fill them. Over a third of the 1.8 million cybersecurity jobs in the U.S. go unfilled due to lack of skills and expertise — generating a talent gap that could fill Yankee Stadium thirteen times over. (That’s 18 times the amount of seats in Fenway Park for you Red Sox fans.)
Meanwhile, cyberattacks keep increasing in frequency and sophistication. By 2023, the number of global malware attacks is projected to reach over 1.4 billion — and that’s just known malware. It’s impossible to predict the real impact of new threats in the years to come.
With such an overwhelming demand for talent and innovation, you would assume that the path to employment would be streamlined. But that’s far from the reality.
The cybersecurity industry is difficult to break into, workers report high levels of burnout, and too few employers offer room for career advancement. Without industry-wide solutions to bridge the talent gap, cybersecurity teams won’t keep up with rapidly evolving threats.
Most cybersecurity positions require at least a bachelor’s degree and three or more years of experience. That includes entry-level positions. Meanwhile, computer science has one of the highest dropout rates in higher education, meaning fewer potential candidates are heading into IT in the first place, let alone cybersecurity.
Assuming a potential new hire has graduated with a bachelor’s degree in computer science — and even with a cybersecurity certificate or two — landing a cybersecurity job worth the effort is a difficult task. Breaking into the cybersecurity field is often unclear, and navigating a cybersecurity career path can be just as confusing.
Cybersecurity is constantly changing and evolving to face the latest threats and meet new and stricter standards. That means the learning curve gets steeper and more complex with time. It’s harder for every fresh wave of college grads to gain a foothold. And when they do, the workload is heavy and demanding, with too few rewards to keep skilled workers around for the long haul.
The people who do manage to break into the industry often find that it’s a far more demanding job than they might have anticipated. Notorious for overwork and burnout, cybersecurity jobs are not for the faint of heart. Cybersecurity professionals are often ignored when things go right and villainized when things go wrong.
CodeHunter CEO Larry Roshfeld applies this exhausting thought to the cybersecurity industry as a whole: “The thing about being responsible for cybersecurity is that we know we can’t win; the best we can ever hope for is not to lose.”
The fatigue that comes with this line of work shows in the numbers. Over half of surveyed IT security professionals said they or someone they knew left their job due to overwork and burnout or worked with someone who has. Additionally, 60% of employers report difficulties retaining qualified cybersecurity professionals.
These obstacles have created a skills gap that’s become increasingly difficult — and increasingly urgent — to overcome. If there aren’t enough opportunities for new hires to learn and grow, the current generation of cybersecurity professionals won’t have anyone to pass the baton to.
Employers must balance expectations, workers’ well-being, and industry demands from multiple angles. To lead the way, the cybersecurity community can do the following:
While all of the above would set up the cybersecurity industry for a brighter and more robust future, none of those things will make a difference overnight — and we still need viable solutions now.
Even if we could hire armies of well-trained cybersecurity professionals, we would still be outnumbered by constantly evolving threats and increasingly sophisticated cyberattacks. We need solutions that help workers efficiently face threats at scale — and we needed them yesterday.
CodeHunter helps bridge the talent (and numbers) gap in cybersecurity with automated threat detection and analysis. It rapidly identifies otherwise undiscoverable threats and saves organizations precious time to discovery, resources, and man hours.
Learn more about the scale of the issue and how CodeHunter can help tackle it.
Advances in the IoT medical devices market are rapidly innovating how we treat patients, often to a remarkable effect. Layering robotics with medicine and factoring the Internet of Things (IoT) into patient monitoring has opened up a new world for medical treatment, supporting remote patient care. The healthcare IoT market surged throughout the pandemic — and is expected to rise at a rate of 25.9% to $446.52 billion by 2028.
However, there’s a catch: Many IoT medical devices are hackable, and compromised devices can lead to catastrophic patient outcomes.
While advanced IoT devices change how patients receive care, recent history sheds light on escalating cyber risks. In 2017, WannaCry ransomware infiltrated outdated Windows systems, entering 70,000 devices across National Health Services hospitals in England and Scotland. Ambulances stalled, hospitals closed, and patient monitoring was disrupted, delaying care and threatening lives.
Lessons from history are often repeated — and sometimes escalated. Gartner predicts that by 2025 attacks on operational technology (OT) environments linked to medical IoT devices will be hacked and weaponized during cyberattacks with the intent to cause physical harm or even death — costing over $50 billion per year.
Keeping a close eye on IoT medical devices and their cybersecurity risks is a matter of life or death.
Tread cautiously with these seven IoT medical devices:
In 2001, Professor Jacques Marescaux used telesurgery and robotics from his offices in New York to perform a cholecystectomy on a 68-year-old woman in France. Since then, experts in robotics and medicine have worked around the clock to make telesurgery a viable option for anyone.
While telesurgery and robotics are most often used while the surgeon is in the same room as the patient, operating over a secure hardwire, surgeons will eventually use them to intervene during situations that are unsafe for humans (like battle scenes, chemical fires, earthquake rescue missions, and pandemics). But there’s a catch: Treatment will likely occur over insecure networks — and cybercriminals can easily infiltrate them. During research at the University of Washington, The Raven II, a telesurgery robot, was easily hacked. Even a tiny interference could have deadly consequences in actual practice.
Imagine you’re lying in a hospital bed after surgery, blissfully unaware of your body’s distressed state thanks to the IV drip of painkillers. And then you suddenly wake up to excruciating pain because someone hacked into the network and shut off the infusion pump — or even worse, you don’t wake up at all because a hacker doubled the rate of flow.
Cybersecurity researchers revealed vulnerabilities that could lead to such an overdose when they hacked into the B. Braun Infusomat Space Large Volume Pump and B. Braun SpaceStation. Ironically, these IoT devices have a locked-down software design with thoughtful security features that are intended to keep patients safe from hackers. Researchers found an easy loophole: They hacked into the hospital’s network and exploited a common connectivity vulnerability, which allowed them to compromise the security of the B. Braun infusion pumps. “Successful exploitation of these vulnerabilities could allow a sophisticated attacker to compromise the security of the Space or compact plus communication devices, allowing an attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution,” announced B. Braun in a security statement.
Medical device company Medtronic issued an urgent recall of their insulin pump controllers thanks to researcher Jay Radcliffe discovering connective vulnerabilities, potentially allowing an attacker to overdose the user. And it’s not the first time hackers have exploited vulnerabilities in Insulin Pumps: Back in 2016, Johnson & Johnson announced that one of its insulin pumps could be hacked, possibly overdosing the patients. The solution? Users were asked to disable a remote control feature, patch a vulnerability, and program the device using a maximum insulin release setting. (Now imagine your grandparent was using the insulin pump, and had to take each of those steps to stay safe.)
According to the 2020 Unit 42 IoT Threat Report, a shocking 83% of hospital imaging devices run on unsupported operating systems — an easy entry point for malicious actors.
In 2020, researchers from CyberMDX found critical vulnerabilities attributed to default global credentials used in management software that affected over 100 radiology tools from GE (including molecular imaging devices, mammography devices, MRI machines, CT and PET Scans, advanced visualization, ultrasounds, and X-rays). “Successfully exploiting the vulnerability may expose sensitive data — such as protected health information (PHI) — or could allow the attacker to run arbitrary code,” researchers explained. And this could “impact the availability of the system and allow manipulation of PHI.”
Several months ago, researchers at Nozomi Networks Labs discovered five new vulnerabilities in patient monitoring systems. Health monitors track a patient’s vitals and alert staff should anything go wrong — and these monitors are particularly vulnerable to attacks because they’re connected to the more extensive communications network and have large attack surfaces. A hacker could change settings, obscure the displayed data, or silence alarms, leaving patients in urgent need without help.
Doctors use digital smart pens to prescribe medications and then swiftly transmit them to pharmacies — along with a patient’s sensitive information, including their name, address, and health records. Security researcher Saurabh Harit of Spirent SecurityLabs revealed that it’s entirely possible to reverse-engineer the pen and uncover all that information. Even worse, a digital smart pen could serve as an entry point into a larger operating system — and cybercriminals could potentially access databases with patient records.
The U.S. Department of Homeland Security released a medical advisory statement exposing the vulnerabilities in several pacemaker models. Dick Cheney famously had his pacemaker modified back in 2007 to protect against a virtual assassination.
Hospital staff can protect themselves and their patients by following cybersecurity hygiene basics, keeping software and virus protection up-to-date, running vulnerability assessments and adopting zero-trust policies, modernizing legacy systems, training staff on cybersecurity best practices, and following the FDA’s Medical Device Safety Action Plan.
