Aviv Grafi, Votiro: the most targeted industries are soon to be healthcare, insurance, and finance
Cyber-attacks remain on the rise, affecting everyone from individuals to giant corporations. The trend is expected to continue with new industries falling victims to attacks shall they decide to neglect the adoption of appropriate security solutions.
Business, healthcare, and financial industries are already at the top of the criminals’ target list since they can potentially offer both very private information and financial gain. However, just like with any attack, there are ways of preventing such incidents by strengthening cybersecurity defenses.
Aviv Grafi, CTO & Founder of Votiro, told us about the technology used by Votiro to eliminate hidden threats and shared his projections about the future course of cybersecurity.
You have been providing security solutions for over ten years now. How did the idea of Votiro originate?
Early in my cybersecurity career, I was traveling and doing licensed hacking as a pentester. During this time, I found the easiest way to hack into a company was to deliver a fake document - usually a resume - to the recruiting or HR department. Opening these resumes was vital to these employees’ jobs, so that the infiltration method almost always succeeded.
When I considered that problem, I reflected that although the technology to secure documents and files had been around for 30 years, it was not working effectively in the enterprise because it negatively impacted employee productivity. I knew there was a better way, and thus the idea for Votiro was born.
You take pride in your Content Disarm and Reconstruction technology. Can you tell us a little bit more about it?
Content Disarm and Reconstruction (CDR) is a technology that proactively eliminates threats hidden in files. Traditionally, CDR has been either a blocker of files, content substitution (replace components of the file like active content with something else or flatten the file into a safe but useless PDF), policy-driven, or a combination of the three. The first two are safe but intrude on business operations and depend heavily on security staff resources. The third isn’t even safe.
Votiro’s Secure File Gateway uses Positive Selection®, the most advanced type of CDR technology, to disarm weaponized files before they enter the network. Votiro’s CDR also uses a zero-trust approach and assumes all files are malicious. It then reconstructs the files using only the known-good elements. This prevents virtually all attacks, ranging from unsophisticated commodity attacks to unknown and zero-day attacks, including ransomware.
Votiro’s technology is a game-changer for any company that must process, accept, or open files from outside sources, especially in high volumes. Thousands of files can be processed in milliseconds, regardless of the channel they enter (such as email, uploaded to a portal or cloud storage, or downloaded from the internet), and since the file fidelity remains intact, users experience no friction.
One of the most interesting attacks blocked by Votiro’s technology was a vendor email compromise (VEC) attack involving the Valyrian trojan, named after the indestructible steel in Game of Thrones. In this case, a hacker took advantage of the ongoing relationship between an insurance company and a law firm and hijacked an email thread between the two. Since the two companies had been engaged in email communication for some time, no suspicions were raised when an insurance company employee received a password-protected file containing legal documents that appeared to be coming from a counterpart at the law firm - but actually contained malware. The attack made it to the recipient's inbox, bypassing the existing email security solutions but, thanks to Votiro’s technology, which removed the malicious code, the malware was unable to execute, and the end-user -- none the wiser -- received a safe and secure file and was able to go about their day unaffected.
Another insurance company that processes 30,000 files per day through email and uploads implemented Votiro’s Positive Selection® technology and has maintained their full productivity while securing their files -- Votiro has prevented multiple attacks that would have succeeded otherwise.
What are some of the most common tactics that cybercriminals use which regular internet users should be aware of?
Attackers are taking advantage of Virtual Basic for Applications (VBA) programming and deploying macro malware. VBAs work within Microsoft Office programs such as Word, Excel, Outlook, and PowerPoint. Cybercriminals will embed malicious code in the macros, causing the malware to begin running once the macros are open. In fact, Microsoft even admits that 98% of threats targeting its Office Suite use macros.
In conjunction, these attacks are tailored towards the target, making it appear legitimate. VBA macros are especially attractive for cybercriminals because of the size of the attack surface. Currently, Microsoft Office is used by 1.2 billion users. With advanced social engineering techniques increasing among threat actors, the likelihood of an end-user falling for the macro virus is high. This wide range of macros opens opportunities for a large number of zero-day threats. This year, zero-day attacks are prevalent and are increasing in frequency. In fact, in July, we saw an attack targeting Microsoft Excel users by using a malware obfuscation technique to disable any defenses. The attack would begin with a phishing email containing a word document as an attachment.
It is important for users to be aware of any of the recent threats cybercriminals are posing, but at the end of the day, you can’t tell someone not to ever click on a link. If we want to fight this, we must use better technology and stop the threat before it reaches the end-user. That’s why it is so crucial to implement CDR technology so files can be sanitized before they reach employees who are already tasked with their normal day-to-day jobs.
Do you think the pandemic altered the ways in which threat actors operate?
The pandemic has accelerated digital transformation in nearly every industry. Companies are actively replacing old processes with newer ones that are more digitized, and this opens the door for attackers to seek out ways to compromise these processes.
However, it should be said that threat actors have been ramping up these attack methods for years -- through the different stages of what is now called digital transformation.
Since more companies adopt work-from-home policies, what are the main security risks associated with remote work?
Remote work makes infiltration easier for hackers. First, we’re using more digital channels, and second, when we are home, there is more interference and distractions. We might not be as focused on security when the kids are screaming or the dogs are barking, and we may forget security protocols and be open to more risk when we are not in the office space. These security risks are amplified because end-users may not have the same secure systems at home as they have in the office. Even with the most up-to-date web browsers, malicious files can still be sent via email for end-users to download. Users may still click a link and visit a phishing website that downloads a file to their device. That is why it is important to upgrade technology so that every file can be sanitized before it reaches the end-user.
In your opinion, which industries are going to be targeted the most in the near future?
The industries that will be most targeted in the near future will be healthcare, insurance, and finance. Already in 2021, we have seen hospitals, doctor’s offices, and every other healthcare provider targeted at a massive scale. That is because medical records are a financial jackpot for cybercriminals. On the Dark Web, patient records can sell for $1,000 each, whereas social security numbers sell for just $1 each -- and that is just the tip of the iceberg. According to the HHS, in a span of four days, three different providers in three different states were hit with a data breach causing over 183,000 patients to be affected -- most of which came from an eye care provider in Delaware affecting over 144,000 patients. Additionally, nearly every data breach in September was caused by a hacking/IT incident.
Financial firms, including insurance, are also no exception to being the future target of cybercriminals. In 2019, over half of all phishing attacks targeted the industry. Additionally, by the end of 2020, these attacks rose by 238%. Data within financial documents are easily accessible by unauthorized parties due to the increasing prevalence of document uploads. Furthermore, with mobile and online banking accounts allowing the sharing of documents through a banking portal, there is a risk that customers can accidentally send or upload files with malicious content embedded within.
In recent years, pentesting has become standard practice. Can you briefly describe what the process is like?
Think of pentesting as being a paid hacker. For about two years, I visited organizations in Asia and the US to review practices with the IT teams and audit the systems they had in place to report on the security measures the companies had in place.
Pentesting is trying several techniques to see if hackers could break into these systems. In essence, I was getting paid to hack into entertainment, manufacturing, and financial organizations. Once I broke into a company’s network, I would show them what needed to be fixed. The number one end-user to go after would be HR executives. All I had to do was look for job openings at the company I was targeting, do a quick search on LinkedIn to find the names of the HR department, and send them an attached resume with malware inside. Since it’s the HR department’s job to open documents, it was easy to target them to break into a company’s network.
Besides regular penetration tests, what other security measures can companies take to protect themselves against cyberattacks?
Adopt a zero-trust approach to file security. Sanitize documents before they reach the network so end-users can do their work without any worry and without slowing down their productivity.
Share with us, what’s next for Votiro?
There is so much in store for the future of Votiro. Just recently, we have appointed Ravi Srinivasan as our new CEO. Ravi will be spearheading our US growth and help accelerate market expansion. With Ravi at the helm, we will continue helping enterprises to adopt a zero-trust approach to file security without impacting employee productivity.