
Latest news with #Ontinue

ACR Scales Securely Through M&As with Ontinue's AI-Powered MXDR

Yahoo

20-05-2025

  • Business
  • Yahoo


Five Years of Partnership: How Ontinue's Microsoft Expertise Helped ACR Accelerate Integration and Reduce Risk

REDWOOD CITY, Calif., May 20, 2025 /PRNewswire/ -- Ontinue, a leading provider of AI-powered managed extended detection and response (MXDR) services and winner of the 2023 Microsoft Security Services Innovator of the Year award, today announced it remains the MXDR provider of choice for ACR.

As ACR accelerates its aggressive growth strategy, completing 10 acquisitions since 2016, the company has leaned on strategic technology partners to ensure its operations remain secure, agile, and efficient. Central to this approach is Ontinue supporting ACR's 24/7 managed security operations to help the organization scale confidently. ACR has been an Ontinue customer for 5 years—a testament to the consistent value and high level of service the team at Ontinue delivers.

With a product portfolio that spans more than 6,000 items for the food service and hospitality industries, ACR depends on a reliable and secure supply chain. As the pace of mergers and acquisitions accelerates, integrating new companies with different systems and risk profiles has become increasingly complex. In response, ACR has elevated cybersecurity as a core business enabler—embedding it across M&A, supply chain resilience, and digital innovation. This enterprise-wide focus is led strategically by Thai Vong, the company's top technology executive, who serves as Vice President of Technology and Acting CIO, overseeing ACR's full technology portfolio—spanning cybersecurity, architecture, data and analytics, application delivery, and enterprise support functions.

"Ontinue has helped us build a secure foundation that protects our environment around the clock," said Vong. "Their team feels like an extension of ours—proactive, responsive, and deeply embedded in our operations.
That trust allows us to shift focus to broader business priorities like integrating acquisitions, optimizing the supply chain operations, and driving growth, without constantly worrying about what might be lurking in our environment."

"The ability to scale without sacrificing security has become a competitive advantage for us," said Tom Boyles Jr., Director of Infrastructure and Security at ACR. "Ontinue's 24/7 monitoring, AI-driven capabilities, and deep integration with Microsoft tools like Defender and Sentinel ensure our environments remain secure—while freeing up our internal team to focus on high-impact projects. ACR values innovation in its partners, and Ontinue's use of AI is a hallmark of the kind of forward-thinking approach we look for. Their AI-powered capabilities, combined with Thai's strategic leadership, helped us take our cybersecurity program to the next level."

Future-Ready Security Investment: Managed SecOps Built to Scale

Ontinue's ION MXDR service sets a new standard for MDR by going further to investigate and resolve every incident without customer involvement. This empowers CISOs and their teams to shift focus from day-to-day security tasks to more strategic initiatives. Ontinue has pioneered several key innovations to reimagine how managed security is delivered – combining collaboration, intelligent automation, AI and human expertise.

Ontinue launched the industry's first Microsoft Teams-based collaboration model that enables real-time, direct engagement between customers and the Ontinue Cyber Defense Center for faster communication and decision-making during incident management. Smart Response further tailors the service to each organization by automating customized rules of engagement and escalation paths that allow the ION MXDR service to seamlessly integrate into a customer's desired operational model. Additionally, to accelerate investigations at scale, Ontinue introduced autonomous investigations powered by agentic AI.
Every incident escalated to the Ontinue Cyber Defense Center is automatically investigated by ION IQ, the AI at the core of the ION MXDR service, before being passed to a human for further analysis. For each incident ION IQ uses agentic AI to gather contextual information from disparate systems, form a hypothesis, develop an action plan for testing the hypothesis, conduct the investigation, and provide a detailed summary for review by one of Ontinue's Cyber Defenders – all in a matter of minutes. Together, these capabilities have led to a 50% decrease in the mean time to investigate (MTTI) incidents in ACR's environment, despite the fact that the ACR environment has grown larger and more complex over time.

"Our mission is to deliver nonstop security that enables our customers to stay focused on what matters most to their business," said Geoff Haydon, CEO at Ontinue. "As attack surfaces and new threats emerge faster than ever before, CISOs and their teams face mounting pressure. From the beginning, Ontinue has always viewed AI — especially GenAI and agentic AI — as a critical technology, a force multiplier for overcoming scale and speed limitations that legacy MDRs simply can't address. For the first time ever, we are able to leverage human reasoning and problem solving at machine speed and scale. We're incredibly proud to be a trusted partner to ACR as they scale their business through rapid growth."

By selecting Ontinue, ACR also found a partner to improve its security posture and reduce enterprise risk. Ontinue's proprietary Security Posture Improvement Framework has helped ACR improve their Microsoft Secure Score (a common metric for measuring security posture health) to 68, 70% higher than the industry average.
As part of the ION MXDR service, the ACR team works with their designated Cyber Advisor to identify, prioritize, and implement tactics and controls that systematically reduce the attack surface, even while the ACR environment continues to grow with each new acquisition. ACR is now better equipped to integrate newly acquired companies swiftly and safely, often within a two-month window.

"As we integrate acquisitions and expand our digital landscape," added Vong, "we've prioritized building a unified security architecture that doesn't just protect but adapts in real time. Ontinue's Managed SOC services have allowed us to extend Microsoft Defender and Sentinel across our hybrid infrastructure—giving us centralized visibility, standardized controls, and streamlined incident response across every business unit. That consistency is critical when onboarding new companies, especially at the pace we're growing."

"With the addition of a dedicated cybersecurity analyst, we accelerated the implementation of the NIST Cybersecurity Framework, improved our CIS benchmarks, and began our journey into NIST's AI Risk Management Framework—all while strengthening enterprise risk and business continuity planning," said Tom Boyles Jr., Director of Infrastructure and Security at ACR. "It reflects the shift we've made from reacting to threats to systematically building maturity across our security program."

Rather than building an in-house security operations center (SOC), ACR leverages Ontinue's 24/7 SOC to deliver around-the-clock coverage while minimizing internal staff burnout. Ontinue's team acts as an extension of ACR's IT organization, helping them operationalize their Microsoft Defender and Sentinel solutions and maximize the return on these investments. As a result, ACR can scale its operations—both organically and through acquisition—without needing to scale its security team or implement additional tools at the same pace.
Key Results of Partnership between ACR and Ontinue

  • 30 hours of analyst time saved in the last 90 days, freeing up ACR's internal talent to focus on high-impact, enterprise-level initiatives rather than day-to-day security tasks.
  • 50% reduction in mean time to investigation (MTTI), significantly accelerating threat detection and response.
  • Increased Microsoft Secure Score to 68 (from 53 since November 2024), which is 70% above the industry average.
  • 28% improvement in Microsoft Secure Score (from 53 to 68) since November 2024, reflecting stronger configuration hygiene and overall security posture.
  • Zero security breaches in 2024, maintaining industry-best standards for proactive threat prevention.
  • 5-year partnership milestone, underscoring the sustained value and trust ACR places in Ontinue's managed security services.

Innovation & Collaboration Builds Trust

The partnership with Ontinue extends beyond technology. Embedded collaboration through Microsoft Teams enables seamless communication during incident response. Ontinue's high-touch approach fosters transparency, trust, and faster decision-making across both organizations. This close working relationship has also strengthened ACR's broader enterprise risk management and cybersecurity framework, supporting continuous improvement and resilience.

"Cybersecurity is no longer just about defense, it's about enabling the business to move faster with confidence," said Thai Vong, Vice President of Technology and Acting CIO. "As we continue to scale through acquisitions and digital transformation, having a partner like Ontinue, who understands our pace, our architecture, and our priorities, has been invaluable. Their seamless integration with our Microsoft ecosystem and real-time responsiveness through Teams allow us to navigate complexity without slowing down. Together, we've strengthened our risk posture while creating space for continuous improvement and innovation."
As ACR continues to evolve and expand, its partnership with Ontinue remains a critical enabler—ensuring every new acquisition, system upgrade, or operational change is underpinned by modern, resilient cybersecurity. While ACR accelerates its digital transformation and navigates an increasingly AI-driven threat landscape, the company remains focused on building a cybersecurity program that is both scalable and deeply integrated. In today's environment, adapting in real time—without slowing business momentum—is essential.

"At ACR, cybersecurity is part of our business model, not just a defense mechanism," said Vong. "Modern cybersecurity is not a bolt-on. It's embedded in how we operate and grow. It's the foundation for every digital move we make, whether we're onboarding a new business, launching a new platform, or protecting the trust our customers place in us. Ontinue's approach gives us the clarity and assurance that our environment remains protected."

Vong's leadership continues to define how ACR embeds cybersecurity into the fabric of its operation, aligning innovation, trust, and resilience at scale.

For more information on how Ontinue helps organizations like ACR protect and scale their operations, visit

About Ontinue: Nonstop SecOps

As a leading provider of AI-powered managed extended detection and response (MXDR) service, Ontinue is on a mission to be the most trusted security partner that empowers customers to embrace and accelerate digital transformation by using AI to operate more at scale, and with less risk. The combination of AI and human expertise is essential for delivering effective managed security that is tailored to a customer's unique environment, operational constraints, and risks. Our MXDR service combines powerful proprietary AI with the industry's first collaboration with Microsoft Teams to continuously build a deep understanding of our customers' environments, informing how we prevent, detect, and respond to threats.
Our Microsoft expertise allows customers to achieve these outcomes with the Microsoft Security tools they already own. The result is highly localized managed protection that empowers security teams to be faster, smarter, and more cost efficient than ever before. Continuous protection. AI-powered Nonstop SecOps. That's Ontinue.

Ontinue PR Contacts:
Alison Raymond
araymond@
ICR Lumina
Nathaniel Hawthorne
Ontinue@

SOURCE Ontinue

2FA Is Under Attack — New And Dangerous Infostealer Update Warning

Forbes

22-04-2025

  • Forbes


Beware the Lumma Stealer threat.

Can the infostealer threat ever be stopped? That's a question that is haunting me right now, to be honest, and a new malware analysis report is doing little to lift my mood. As if things weren't bad enough already, with 800 million compromised passwords listed in criminal forums, a million Windows devices recently infected by the malicious curse and even the tech giants falling victim. Whether it is your passwords, 2FA codes or other data, infostealer malware can strike in as little as 10 seconds flat. Now, researchers have warned that one of the biggest culprits, Lumma Stealer, is increasingly difficult to detect.

Predicting that a surge in Lumma Stealer attacks will continue throughout 2025, Mayuresh Dani, security research manager at the Qualys Threat Research Unit, warned that the malware 'recently underwent updates where, rather than stealing information all at once, the stealer now assembles and exfiltrates each piece of information as it is obtained.' This makes Lumma far stealthier and hence more resilient against detection. What's more, Dani explained, other infostealers, such as the notorious Redline Stealer, have been out of action since late last year, which has resulted in 'threat actors turning towards Lumma Stealer.'

Once you understand that Lumma Stealer has a myriad of information-stealing capabilities, including the targeting of cryptocurrency wallets, user credentials, and 2FA codes, the release of an April 21 report from Trellix analysts is all the more concerning. Lumma Stealer 'constantly adapts its TTPs and payloads to bypass security defenses,' Mohideen Abdul Khader, a security researcher at the Trellix Advanced Research Center and author of the report, said. Lumma is designed to detect virtual and sandbox environments, Khader explained, allowing it to avoid detection by security systems.
The latest updated versions employ code flow obfuscation, and anyone with a technical leaning is advised to read the full report for the details.

A second report, this time authored by Mathias Sigrist, a senior detection engineer on the threat detection team at Ontinue, has explored ways to help automate detection of the threat. While focusing on Ontinue detection platforms, the report is still an interesting read for anyone wanting to know more about the infostealer threat.

'One of the biggest reasons for the surge in Lumma Stealer malware attacks is that it is pressing on a weakness in the cybersecurity industry's approach to detection engineering,' John Bambenek, president at Bambenek Consulting, said. Bambenek is referring to the fact that writing detections on single events or log entries is an insufficient default. 'Defenders need to start looking at multiple events to create alerts or they'll simply be missing attacks,' Bambenek concluded, neatly rounding up just why the infostealer threat is likely to get worse, much worse, before it gets better.

Ontinue Announces ION for Enhanced Phishing Protection to Reduce Risk and Strengthen Cyber Resilience

Yahoo

08-04-2025

  • Business
  • Yahoo


New Add-On Service for ION MXDR Customers Expands Managed Detection, Investigation, and Response Capabilities to Bolster Defense Against Phishing Attacks

REDWOOD CITY, Calif., April 8, 2025 /PRNewswire/ -- Ontinue, a leading provider of AI-powered managed extended detection and response (MXDR) services and winner of the 2023 Microsoft Security Services Innovator of the Year award, today announced ION for Enhanced Phishing Protection. This new add-on service extends phishing detection and response capabilities for ION MXDR customers, significantly reducing cyber risk by handling emails reported as suspicious by end users. ION for Enhanced Phishing Protection empowers organizations to mitigate phishing threats efficiently while maximizing the ROI of their existing Microsoft Security investments.

Phishing remains one of the most persistent and costly cybersecurity threats organizations face today. Despite investments in advanced security controls, phishing emails continue to slip through defenses. Reports show a 49% increase in phish reports between 2021 and 2024. With users frequently engaging with these emails within minutes, organizations must be prepared to respond swiftly. The challenge is compounded by the growing sophistication of phishing tactics and the sheer volume of incidents, making it increasingly difficult to distinguish real threats from false alarms. Given phishing's role in the majority of successful cyberattacks, organizations must strengthen their ability to detect, investigate, and mitigate these threats before they lead to costly breaches.

ION for Enhanced Phishing Protection: A Smarter Approach Involving Users

ION for Enhanced Phishing Protection enhances detection and response by leveraging user-reported phishing emails as an additional detection source and providing specialized response actions. This enables customers to effectively address a critical cyber risk area that is often inadequately managed.
Organizations benefit from the speed, accuracy, and consistency of ION's proprietary automation, as well as the 24/7 expertise of the Ontinue Cyber Defense Center (CDC) to investigate and contain complex phishing incidents.

"With human error contributing to the definitive majority of cybersecurity incidents, organizations must strengthen their defenses beyond traditional security controls," said Geoff Haydon, CEO of Ontinue. "Phishing remains one of the most effective attack vectors, because users are the last line of defense -- yet they're often overwhelmed by the volume of threats. ION for Enhanced Phishing Protection turns user-reported phishing emails into actionable intelligence, combining AI-driven automation with expert-led response to stop attacks faster and significantly reduce risk."

Key capabilities of ION for Enhanced Phishing Protection include:

  • Automated Analysis of User-Reported Phishing Emails: ION automates the analysis of all incoming phishing alerts, examining user accounts, hosts, mailboxes, IP addresses, files, and URLs. Advanced automated investigation includes attachment and URL analysis for deeper threat detection.
  • Tailored, Machine-Speed Response Actions: ION can execute automated response actions, including blocking Indicators of Compromise (IOCs), restricting malicious senders, and removing phishing emails from inboxes. Response actions align with customer-defined Rules of Engagement (RoE) and can be automated or require customer approval.
  • 24/7 Expert-Led Investigation and Response: If automation cannot resolve an incident, the Ontinue Cyber Defense Center (CDC) provides expert-led investigation and containment, ensuring swift mitigation of phishing threats.

ION for Enhanced Phishing Protection is now available as an add-on service for ION MXDR customers.
To learn more about how Ontinue is redefining phishing protection, visit

Related Resources:

  • Solution Brief: Learn more about ION for Enhanced Phishing Protection
  • Learn more about how Ontinue can help your organization alleviate SecOps burden while improving your security posture.
  • Follow Ontinue on LinkedIn.

About Ontinue

Ontinue is a leading provider of AI-powered managed extended detection and response (MXDR) services, empowering modern organizations to securely embrace their digital future. We're on a mission to redefine managed security operations with Nonstop SecOps, a 24/7 approach that delivers continuous protection through trust and innovation. Ontinue ION leverages an AI-powered platform, human expertise and our customers' own Microsoft tools to deliver tailored protection that conforms to your environment and operations. The result is fast threat detection and response, and continuous security posture hardening. With ION handling the daily security operations, CISOs and their teams get more time back in their day to focus on the next big initiative to propel their organization forward. ION's innovative collaboration model and transparent architecture ensure that security analysts always have instant access to eyes-on-glass SecOps support and complete control of their data. Additionally, Ontinue's unparalleled Microsoft expertise helps CISOs and CIOs maximize return on their investment in Microsoft controls and consolidate their security stack. Continuous Trust. Continuous Innovation. Continuous Empowerment. That's Nonstop SecOps from Ontinue.

Ontinue PR Contacts:
Alison Raymond
araymond@
ICR
Nathaniel Hawthorne
Ontinue@

SOURCE Ontinue

Microsoft Teams Users Exploited In Sophisticated Multi-Stage AI Attack

Forbes

01-04-2025

  • Forbes


Microsoft Teams used in sophisticated hack attack.

Phishing attacks are getting increasingly sophisticated, from the use of smartphone farms to launch attacks, to hard-to-detect AI-driven threats, to the use of legitimate Microsoft 365 emails to bypass security controls. But the phishing attack is only the first stage of the process, as this multi-level hack attack targeting Microsoft Teams users demonstrates only too well.

Signed, side loaded and compromised. That's how security researchers at the Ontinue Cyber Defence Centre have described a sophisticated multi-stage attack that starts with a Microsoft Teams message delivering a malicious PowerShell payload, and, by way of remote access tooling and living off the land binaries, gains initial access and then persistence through a JavaScript-based backdoor on victim devices. 'This attack chain highlights how a relatively simple vishing-based social engineering tactic can escalate into a full-scale compromise when paired with trusted tooling, signed binaries, and stealthy second-stage payloads,' the researchers warned.

Although the Ontinue researchers were unable to attribute the attacks with a high level of confidence, they did find a number of striking similarities with a threat actor identified by Microsoft as Storm-1811. The full technical details can be found in the report, but the researchers found that the attack started with the threat actors sending a message by way of Microsoft Teams, creating an external chat. 'The actor transmitted a PowerShell command directly via the Teams message,' Ontinue said, 'and also utilised the QuickAssist remote tool to gain access to the target device remotely.' The root cause of the incident was a video messaging attack, something that I have already reported is surging with an increase of 1633% in quarter one of 2025 alone.
'This attack chain highlights how a relatively simple vishing-based social engineering tactic can escalate into a full-scale compromise when paired with trusted tooling, signed binaries, and stealthy second-stage payloads,' Ontinue concluded. I have reached out to Microsoft for a statement.

J Stephen Kowski, field chief technology officer at SlashNext Email Security+, said that real-time scanning across all communication channels, not just email, is essential since these attacks often start with social engineering before deploying malicious tools, such as sideloaded DLLs. 'Advanced protection that combines computer vision, natural language processing, and behavioral analysis can identify these sophisticated attacks even when they use legitimate-looking tools or QR codes,' Kowski concluded.

'The attacker sideloaded a malicious DLL that dynamically commandeered a trusted process, transforming routine remote support into a covert entry point,' Jason Soroko, a senior fellow at Sectigo, said. Calling every move made by the threat actor 'lean,' Soroko advised that security teams should be on the lookout for 'Microsoft Teams messages containing PowerShell commands, unexpected use of QuickAssist, and signed binaries running from nonstandard locations.'

Massive Surge In Ransomware Attacks—AI And 2FA Bypass To Blame

Forbes

25-03-2025

  • Business
  • Forbes


Ransomware attacks up, ransoms paid down.

If you need proof that the ransomware threat is not dead in the security threat water, look no further than the latest FBI warning about the Medusa ransomware-as-a-service attacks. Ransomware is not only alive and well but also rapidly evolving. I have reported how one criminal group, Black Basta, was found to be using sophisticated tools to brute-force VPN and firewall passwords, and stolen passwords are increasingly driving attacks. The good news is that enterprise defenses are improving, and the amount being paid in ransom demands to these criminal gangs is falling fast. The bad news is that the same threat intel report also revealed that the fast-evolving ransomware landscape has led to a massive surge in attacks. Here's what you need to know.

What if I were to tell you that social engineering using AI deception, commonly known as deepfake phishing or in some quarters as vishing, has increased by an incredible 1,633% in quarter one of 2025 compared to the last quarter of 2024? What's that got to do with ransomware? Apart from the fact that it is used as one of the most common methods of gaining initial access to your networks, nothing. Can you taste the sarcasm from my keyboard?

Ransomware attacks surged 132% despite a 35% drop in payments. With less ransom being paid out, cybercriminals are shifting their strategies to compensate for the growing number of organizations that have strengthened their security posture to avoid having to pay ransom.

OK, let's change tack. What if I were to tell you that adversary-in-the-middle attacks are also increasing with alarming velocity? You know, those clever hacking tactics used to steal session cookies and, by so doing, enable ransomware attackers to access your accounts at leisure without having to worry about annoying 2FA codes. Maybe if I mentioned the exploitation of operational technology environments, I would be speaking your language.
Ransomware attackers are targeting OT devices with greater frequency.

Now, what if it wasn't me telling you this but the threat intelligence experts at Ontinue? The March 25 threat intelligence report from Ontinue revealed all these things and more. 'The cyber threat landscape isn't just evolving,' it said, 'it's becoming more aggressive.' With attackers leveraging AI, trusted platforms and legitimate software tools to breach defenses and exploit vulnerabilities, this is no time to be sitting back and thinking the threat is over.

One of the interesting trends to come out of the Ontinue report was the fact that the amount of money being made by attackers through ransom payments is down a little over a third. Casey Ellis, founder at Bugcrowd, thinks this is fascinating but not surprising. 'The combination of increased law enforcement pressure, better international collaboration, and organizations refusing to pay are clearly making a dent,' Ellis said. It's also a testament to the pay or don't pay debate evolving into 'a broader conversation about resilience and deterrence,' Ellis continued. The real question, though, is will the downward dip continue? Ellis isn't convinced. 'The ransomware business model is an arms race, and threat actors are nothing if not adaptable,' Ellis concluded. 'We've already seen a shift toward exfiltration-based extortion, stealing data and threatening to leak it if the ransom isn't paid.'
