Sophos wins multiple channel leadership awards

Channel Best is one of our Sophos values, and we’re proud to work with more than 47,000 expert partners and managed service providers across the globe.

In recognition of our world-class channel leaders, last week CRN, a brand of The Channel Company, named Sophos Chief Executive Officer Kris Hagerman and Senior Vice President of Global Channels Kendra Krause in its 2019 list of Top 100 Executives.

Kris was also recognized as one of CRN’s 25 most influential executives and Kendra was called out as a top 25 channel sales leader for the third consecutive year.

Bob Skelley, CEO of The Channel Company, said:

The technology executives on CRN’s 2019 Top 100 Executives list provide strategic and visionary leadership and unparalleled guidance — regardless of the challenges that come their way.

In addition, Channel Partners named Vice President of Global MSP Scott Barlow a Top Gun 51 executive for driving MSP partner success.

We’re excited to receive these awards which are validation that we’re giving our partners – and customers – the most comprehensive and integrated portfolio of next-generation cybersecurity solutions to protect against complex threats.

The accolades are the latest in a recent series of channel recognitions. Already in 2019, 11 Sophos executives were named CRN Women of the Channel – the most from any dedicated IT security company – and six executives were named CRN Channel Chiefs. Sophos was also awarded Best Security Offering in Channel Partner Insight’s 2019 MSP Innovation Awards.

The CRN Top 100 Executives list will be featured in the August 2019 issue of CRN Magazine, as well as online. Channel Partners’ Top Gun 51 list is also available online.

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article:

At the BSides LV security conference on Tuesday, Pavel Tsakalidis demonstrated a tool he created called BEEMKA, a Python-based tool that allows someone to unpack Electron ASAR archive files and inject new code into Electron’s JavaScript libraries and built-in Chrome browser extensions. The vulnerability is not part of the applications themselves but of the underlying Electron framework — ­and that vulnerability allows malicious activities to be hidden within processes that appear to be benign. Tsakalidis said that he had contacted Electron about the vulnerability but that he had gotten no response — ­and the vulnerability remains.

While making these changes required administrator access on Linux and MacOS, it only requires local access on Windows. Those modifications can create new event-based “features” that can access the file system, activate a Web cam, and exfiltrate information from systems using the functionality of trusted applications­ — including user credentials and sensitive data. In his demonstration, Tsakalidis showed a backdoored version of Microsoft Visual Studio Code that sent the contents of every code tab opened to a remote website.

Basically, the Electron ASAR files aren’t signed or encrypted, so modifying them is easy.

Note that this attack requires local access to the computer, which means that an attacker that could do this could do much more damaging things as well. But once an app has been modified, it can be distributed to other users. It’s not a big deal attack, but it’s a vulnerability that should be closed.

Posted on August 8, 2019 at 11:11 AM

1 Comments

Are You Ready for Malware-as-a-Service?

About the Author

Symantec DeepSight Adversary Intelligence Team

Managed Adversary and Threat Intelligence (MATI)

Symantec’s managed adversary and threat intelligence (MATI) team of intelligence analysts & researchers are dedicated to understanding the adversary ecosystem and providing insightful customer reports detailing their plans, tactics, tools, and campaigns.