Houdini Malware is Back, and Amazon Sidewalk has Affected Enterprise Risk Assessments


By its nature, a secure access service edge (SASE) platform sees a large share of its customers' internet traffic, and the larger the platform, the more flows it can evaluate. A review of over 263 billion network flows from Q2 2021 reveals rising threats, new uses for old malware, and the expanding presence of consumer devices on corporate networks. 

According to the Cato Networks SASE Threat Research Report, a new version of the old Houdini malware is being used to steal device information in order to circumvent access rules that look at both the device and the user. Attackers have prioritized spoofing device IDs as device-identification controls have evolved from simple point solutions to cloud-based services. As a result, verifying device identity has become critical to strong user authentication. 
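The point above, that an access rule keyed on device attributes is only as strong as the attacker's inability to copy those attributes, is easy to see in code. The following is an added example written for this page, not code from Cato or from the report: a weak rule that trusts a hostname and serial number reported by the client (exactly the data an infostealer can exfiltrate) beside a challenge-response rule in which the device proves possession of an enrolment key. The fleet record, the device names and the use of an HMAC key as a stand-in for a hardware-held asymmetric key are all constructed assumptions.

```python
"""Device identity: self-reported attributes vs. a challenge-response with a
device-bound key. Added example; every name, key and record below is constructed."""
import hashlib
import hmac
import secrets

# Constructed enrolment record (hypothetical fleet of one). These are the kinds of
# attributes a device-aware access rule might consult, and that an infostealer
# running on the host can read and exfiltrate.
ENROLLED = {
    "LAPTOP-4471": {"serial": "5CD1234XYZ", "owner": "alice"},
}


def weak_device_check(user: str, claimed: dict) -> bool:
    """Weak rule: trusts attributes the client reports about itself."""
    rec = ENROLLED.get(claimed.get("hostname"))
    return (
        rec is not None
        and rec["serial"] == claimed.get("serial")
        and rec["owner"] == user
    )


# Strong rule: at enrolment each device receives a secret that lives in
# hardware-backed storage (assumption; an HMAC key stands in for a TPM-held
# asymmetric key). The server keeps its own copy and never sends it again.
DEVICE_KEYS = {"LAPTOP-4471": secrets.token_bytes(32)}


def device_sign(key: bytes, nonce: bytes, hostname: str, user: str) -> bytes:
    """Client side: can only run where the device key is accessible, i.e. on the
    genuine device. Binds the nonce, the device and the user into one MAC."""
    msg = nonce + hostname.encode() + b"\x00" + user.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class DeviceChallenger:
    """Server side: issues single-use nonces and verifies the device's answer."""

    def __init__(self):
        self._pending = {}

    def issue(self, hostname: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending[hostname] = nonce
        return nonce

    def verify(self, hostname: str, user: str, response: bytes) -> bool:
        # The nonce is consumed whether or not verification succeeds, so a
        # captured response cannot be replayed against a later challenge.
        nonce = self._pending.pop(hostname, None)
        key = DEVICE_KEYS.get(hostname)
        if nonce is None or key is None:
            return False
        expected = device_sign(key, nonce, hostname, user)
        return hmac.compare_digest(expected, response)


def demo() -> dict:
    # What a Houdini-style stealer can carry away from LAPTOP-4471: its attributes.
    stolen = {"hostname": "LAPTOP-4471", "serial": "5CD1234XYZ"}
    results = {}

    # 1. The weak rule accepts the stolen attributes replayed from any machine.
    results["weak_accepts_stolen_attrs"] = weak_device_check("alice", stolen)

    srv = DeviceChallenger()
    # 2. The attacker has the attributes but not the key: a forged answer fails.
    nonce = srv.issue("LAPTOP-4471")
    forged = device_sign(secrets.token_bytes(32), nonce, "LAPTOP-4471", "alice")
    results["strong_accepts_forgery"] = srv.verify("LAPTOP-4471", "alice", forged)

    # 3. The genuine device answers its challenge and is admitted.
    nonce = srv.issue("LAPTOP-4471")
    genuine = device_sign(DEVICE_KEYS["LAPTOP-4471"], nonce, "LAPTOP-4471", "alice")
    results["strong_accepts_genuine"] = srv.verify("LAPTOP-4471", "alice", genuine)

    # 4. A captured genuine answer replayed against a fresh challenge fails.
    srv.issue("LAPTOP-4471")
    results["strong_accepts_replay"] = srv.verify("LAPTOP-4471", "alice", genuine)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The weak check passes for anyone holding the exfiltrated hostname and serial; the challenge-response check passes only for the holder of the enrolment key, and because the nonce is single-use a captured answer is worthless. In production the key would be generated inside a TPM or secure enclave and the response would be a signature rather than an HMAC, so that the server never holds a secret that could itself be stolen.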

The report also shows how Amazon Sidewalk and other consumer services run on many enterprise networks, making risk assessment difficult. “Cybersecurity risk assessment is based on visibility to threats as much as visibility to what is happening in the organization’s network,” says Etay Maor, senior director of security strategy at Cato Networks. 

Maor doubts that many firms would be comfortable with on-site networks that include a variety of home gadgets, including those that are automatically signed in by Sidewalk and belong to employees' neighbours. Just as concerning, he said: "How many companies are even aware that home devices have been brought into the corporate network and are sharing the corporate infrastructure?" 

“With lines blurring between the home office and the corporate network – more devices and applications find their way to the organization’s network but not necessarily to the organization’s risk assessment,” Maor added. 

Cato discovered 9.5 billion network scans across its platform in Q2. Maor is confident that the company's combination of AI-based threat identification and human analysis ensures that these are not researcher scans. Cato also recorded about 817 million security events caused by malware, as well as over 475 million events caused by inbound or outbound communication with domains of poor reputation.  

There were nearly 400 million policy violations, including 241 million vulnerability scans from scanners such as OpenVAS and Nessus that violated Cato's security policy or common network-security best practices. The most common exploit attempt (7,957,186 attempts) targeted CVE-2020-29047, a vulnerability in the WordPress wp-hotel-booking plugin.