{"id":5137,"date":"2024-04-14T14:25:50","date_gmt":"2024-04-14T19:25:50","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5137"},"modified":"2024-04-14T14:25:50","modified_gmt":"2024-04-14T19:25:50","slug":"incident-response-and-security-operations-2024-04-14","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/incident-response-and-security-operations-2024-04-14\/","title":{"rendered":"Incident Response and Security Operations -2024-04-14"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><a>Table of Contents<\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Stellar Cyber Integrates with Exium to Streamline Cybersecurity Investigations<\/li>\n\n\n\n<li>Demystifying DDR: Your Questions Answered &#8211; projectcubicle<\/li>\n\n\n\n<li>Hunter-killer malware: How to prevent it from undermining security controls<\/li>\n\n\n\n<li>Why Cyber-Fraud Teams Are the Next Big Thing in Payments Security<\/li>\n\n\n\n<li>Gigamon and Cribl Announce Technology Integration that Delivers Comprehensive Intelligence to a &#8230;<\/li>\n\n\n\n<li>Lurking in the Shadows: Attack Trends Shine Light on API Threats<\/li>\n\n\n\n<li>Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?<\/li>\n\n\n\n<li>An Introduction to the 2024 Annual Cyber-Threat Report<\/li>\n\n\n\n<li>N\u2011able Builds on the Ecoverse Vision by adding Rewst and HaloPSA Integrations<\/li>\n\n\n\n<li>2024 Sophos Threat Report: Ransomware still the biggest threat<\/li>\n\n\n\n<li>Acumen launches to protect modern businesses from complex cyber threats 24\/7<\/li>\n\n\n\n<li>NTT DATA: newly united and ready for the digital future<\/li>\n\n\n\n<li>TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service<\/li>\n\n\n\n<li>FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities<\/li>\n\n\n\n<li>WatchGuard Threat Lab Analysis Shows Surge in Evasive<\/li>\n\n\n\n<li>Don\u2019t Make These Incident 
Response Planning Mistakes<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.businesswire.com\/news\/home\/20240325096691\/en\/Stellar-Cyber-Integrates-with-Exium-to-Streamline-Cybersecurity-Investigations\/favicon.ico\">&nbsp;<a><strong>Stellar Cyber Integrates with Exium to Streamline Cybersecurity Investigations<\/strong><\/a><br><em>Business Wire<\/em><br>Stellar Cyber, a leading provider of Open XDR software, announced a new integration with Exium&#8217;s MSP-driven Zero Trust SASE Platform<br>This integration allows users of Stellar Cyber&#8217;s Open XDR platform to streamline comprehensive cybersecurity investigations and take decisive response actions within Exium to maintain continuous protection<br>Exium delivers a robust SASE platform that secures users, assets, and data across cloud, on-premises, and remote environments through its Intelligent Cybersecurity Mesh<br>Stellar Cyber ingests and analyzes data from Exium and other sources to identify potential threats, create prioritized cases, and automatically initiate response actions on integrated products like Exium<br>The integration helps Exium&#8217;s MSP partners eliminate tedious manual processes from cyber investigation workflows, reducing risk of breaches for their clients<br>Key benefits include spending less time firefighting, minimizing attacker dwell time by faster threat identification\/response, and boosting security team productivity by automating manual tasks<br>It exemplifies Stellar Cyber&#8217;s focus on delivering integrations based on customer and market needs to drive better results without adding complexity.<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/www.businesswire.com\/news\/home\/20240325096691\/en\/Stellar-Cyber-Integrates-with-Exium-to-Streamline-Cybersecurity-Investigations\">https:\/\/www.businesswire.com\/news\/home\/20240325096691\/en\/Stellar-Cyber-Integrates-with-Exium-to-Streamline-Cybersecurity-Investigations<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.projectcubicle.com\/wp-content\/uploads\/2020\/05\/16x16.png\">&nbsp;<a><strong>Demystifying DDR: Your Questions Answered &#8211; projectcubicle<\/strong><\/a><br><em>Katrina Thompson<\/em><br><em>Project Cubicle<\/em><br>What is DDR<br>DDR is an innovative approach to cybersecurity that continuously monitors and analyzes data activities across an organization&#8217;s network, endpoints, and cloud environments<br>It represents a paradigm shift by prioritizing data safeguarding and swift threat response<br>How DDR is Different:<br>DDR integrates existing threat technologies like IRM, CASB, SASE, and DLP<br>It classifies data not just by content but also by data lineage and context<br>Unlike DLP, DDR attaches security controls directly to the data itself rather than environments<br>Advantages of DDR:<br>Provides more accurate data classification by using lineage and context<br>Can monitor data continuously as it moves across apps, devices, and cloud<br>Enables real-time response to block data exfiltration attempts<br>Covers data across all assets, not just specific storage locations<br>Addressing DLP Shortcomings:<br>DLP struggles with continuous data classification improvements<br>DLP has a narrow view focused on predefined patterns and areas<br>DDR can detect sensitive data even in unstructured formats like ML models<br>DDR generates fewer false positives by utilizing advanced analytics<br>In essence, DDR takes a data-centric approach to continuously monitor, accurately classify, and autonomously respond to data exfiltration threats across 
the entire enterprise IT environment in real-time.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.projectcubicle.com\/demystifying-ddr-your-questions-answered\">https:\/\/www.projectcubicle.com\/demystifying-ddr-your-questions-answered<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.scmagazine.com\/favicon.ico\">&nbsp;<a><strong>Hunter-killer malware: How to prevent it from undermining security controls<\/strong><\/a><br><em>SC Magazine<\/em><br>The Picus Red Report 2024 reveals a significant rise in hunter-killer malware, designed to impair security controls and allow threat actors to persist in networks<br>The report analyzed 600,000 malware samples and mapped them to the MITRE ATT&amp;CK framework, finding that 70% of malware employ stealth tactics, and techniques targeting application layer protocol usage surged by 176%<br>The rise of hunter-killer malware is a top concern for security teams, as it assumes that threat actors are already in the network and employing stealth to persist<br>The report also highlights the 10 most prevalent MITRE ATT&amp;CK techniques in 2023, showcasing the growing sophistication of threat actors<br>Highlights:<br>Hunter-killer malware is designed to actively seek out and eliminate specific targets, often with the intent of disrupting or destroying defensive security controls.<br>70% of scrutinized malware employ stealth tactics, allowing for persistence in networks<br>Techniques targeting application layer protocol usage surged by 176%, notably in double extortion ransomware schemes for data exfiltration<br>The rise of hunter-killer malware is a top concern for security teams, as it assumes that threat actors are already in the network and employing stealth to persist<br>The 10 most prevalent MITRE ATT&amp;CK techniques in 2023 include Process Injection, Command and Scripting Interpreter, Impair Defenses, System Information Discovery, 
and Data Encrypted for Impact<br>To combat hunter-killer malware, organizations should adopt a defense-in-depth approach, zero-trust principles, multi-factor authentication, advanced behavioral analyses, and artificial intelligence tailored to detect anomalies<br>Ongoing security validation is essential to ensure that an organization&#8217;s security posture is as robust as it should be<br>Picus urges organizations to embrace machine learning, protect user credentials, and consistently validate their defenses against the latest tactics and techniques used by cybercriminals.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.scmagazine.com\/resource\/hunter-killer-malware-how-to-prevent-it-from-undermining-security-controls\">https:\/\/www.scmagazine.com\/resource\/hunter-killer-malware-how-to-prevent-it-from-undermining-security-controls<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"http:\/\/blank.ico\/\">&nbsp;<a><strong>Why Cyber-Fraud Teams Are the Next Big Thing in Payments Security<\/strong><\/a><br><em>Chris Best<\/em><br><em>InetCo<\/em><br>The increasing interconnectedness of digital systems and the ingenuity of financial criminals have led to a convergence between payment fraud, cybercrime, and anti-money laundering (AML)<br>Cybercriminals are exploiting vulnerabilities in digital payment systems, making payment fraud more prevalent and challenging to detect<br>Sophisticated attacks, such as advanced persistent threats (APTs), involve a combination of social engineering, malware, cyberattacks, identity theft, stolen credentials, and mule accounts<br>Traditional organizational silos within companies make tackling this convergence a challenge, as fraudsters exploit the gaps between information security, fraud, and risk teams<br>Leading financial institutions are establishing cyber-fraud fusion teams to bring together cybersecurity, anti-fraud, and AML resources for a more 
holistic view of the threat landscape<br>Access to the right data at the right time, along with artificial intelligence and machine learning, are crucial for effective cyber-fraud prevention strategies<br>Highlights:<br>Nearly $1 billion has been stolen through APT cyber-fraud attacks, such as those carried out by the Carbanak crime group<br>In a multi-vector cyber-fraud attack at a large bank in Africa, $19 million was stolen in just three hours using a combination of spear-phishing, malware, and forged credit cards<br>Traditional security methods and organizational silos within companies make it challenging to tackle the convergence of payment fraud, cybercrime, and AML<br>Leading financial institutions are establishing cyber-fraud fusion teams to bring together cybersecurity, anti-fraud, and AML resources for a more holistic view of the threat landscape<br>Access to the right data at the right time is the foundation of efficient convergence programs, and data fusion provides a single source of data to multiple teams<br>Artificial intelligence and machine learning support financial institutions in their privacy compliance by helping prevent data breaches and flagging suspicious activity with precision<br>INETCO BullzAI is a real-time, ML-powered software solution designed to address the converged attack vectors of payment fraud, cyberattacks, and money-laundering.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.inetco.com\/blog\/cyber-fraud-teams-next-big-thing-payments-security\">https:\/\/www.inetco.com\/blog\/cyber-fraud-teams-next-big-thing-payments-security<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.businesswire.com\/news\/home\/20240326713178\/en\/favicon.ico\">&nbsp;<a><strong>Gigamon and Cribl Announce Technology Integration that Delivers Comprehensive Intelligence to a &#8230;<\/strong><\/a><br><em>Business Wire<\/em><br>Gigamon, a deep observability 
company, and Cribl, the Data Engine for IT and Security, have announced an integration between Gigamon GigaVUE Cloud Suite and Cribl Stream<br>This integration enables organizations to transform data strategies by formatting and delivering telemetry intelligence in accordance with how each tool ingests data<br>Cribl can now bring network telemetry from Gigamon into Cribl Stream, providing joint customers with deep observability across hybrid cloud infrastructure and extending the value of existing tool investments<br>Key points:<br>Organizations face challenges in securing and monitoring complex infrastructure spanning private and public cloud, virtual, container, and IoT\/OT instances<br>Gigamon offers a Deep Observability Pipeline, with GigaVUE Cloud Suite at its core, delivering greater security and performance optimization<br>Cribl&#8217;s vendor-agnostic data management solution enables security and IT Ops teams to accelerate threat detection and incident response with seamless access to telemetry data from various sources<br>The integration allows joint customers to attain the highest level of choice, control, and flexibility to gain the most value out of their network infrastructure data<br>Bringing network and system telemetry together helps mutual customers get any data in any format to any destination in the network they require<br>The integration streamlines the approach to monitor and secure hybrid cloud infrastructure, reducing the complexity of mapping data flows between the network and individual tools<br>Gigamon serves more than 4,000 customers worldwide, including over 80 percent of Fortune 100 enterprises, 9 of the 10 largest mobile network providers, and hundreds of governments and educational organizations<br>Cribl&#8217;s product suite, used by Fortune 1000 companies globally, includes Cribl Stream, Cribl Edge, and Cribl Search.<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/www.businesswire.com\/news\/home\/20240326713178\/en\">https:\/\/www.businesswire.com\/news\/home\/20240326713178\/en<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"http:\/\/blank.ico\/\">&nbsp;<a><strong>Lurking in the Shadows: Attack Trends Shine Light on API Threats<\/strong><\/a><br><em>Steve Winterfeld; Akamai Security Intelligence Group March<\/em><br><em>Akamai Blog<\/em><br>Akamai&#8217;s latest State of the Internet (SOTI) report, &#8220;Lurking in the Shadows: Attack Trends Shine Light on API Threats,&#8221; highlights the growing threat to APIs and the need for better visibility and security controls<br>The report reveals that 29% of web attacks targeted APIs in 2023, with attackers using traditional methods like LFI, SQLi, and XSS, as well as API-specific techniques<br>Key insights:<br>APIs are increasingly targeted by cybercriminals, with nearly 30% of web attacks focusing on APIs<br>Organizations face API security challenges, including posture problems (e.g., shadow endpoints, unauthenticated resource access) and runtime problems (e.g., unauthenticated resource access attempts, abnormal JSON properties)<br>Visibility, vulnerabilities, and business logic abuse are three general challenges that APIs face, requiring comprehensive security programs<br>Organizations need to focus on API discovery, risk audits, behavioral detection, and threat hunting to enhance visibility and protect their API environment<br>Compliance requirements, such as GDPR and PCI DSS v4.0, are beginning to include APIs, shaping security programs<br>To keep APIs safe from attacks, organizations should:<br>Evaluate their discovery, investigation, and mitigation capabilities<br>Conduct red team testing to assess security posture and runtime issues<br>Build validation tests as purple team exercises to ensure effective mitigation processes<br>Use the use cases reviewed in the SOTI report as 
templates for test plans<br>The report also includes API attack trends by region (APJ and EMEA) and encourages readers to visit Akamai&#8217;s Security Research Hub for more insights and information on the latest threats.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.akamai.com\/blog\/security\/attack-trends-shine-light-on-api-threats\">https:\/\/www.akamai.com\/blog\/security\/attack-trends-shine-light-on-api-threats<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/securityboulevard.com\/wp-content\/uploads\/2021\/10\/android-chrome-256x256-1-32x32.png\">&nbsp;<a><strong>Can Compensating Controls Be the Answer in a Sea of Vulnerabilities?<\/strong><\/a><br><em>Yair Herling<\/em><br><em>Security Boulevard<\/em><br>In the face of the overwhelming number of vulnerabilities and the constant stream of cyber security news, organizations often struggle with patching fatigue and the belief that fixing all vulnerabilities is an impossible task<br>While risk-based vulnerability prioritization (RBVP) is still the primary approach to vulnerability remediation, not all vulnerabilities can be patched immediately or at all<br>In such cases, compensating controls can be a valuable tool in mitigating the risk posed by unpatched vulnerabilities<br>Key points:<br>Compensating controls are alternative security measures implemented when patching a specific vulnerability is too difficult or impractical<br>They offer several strategic advantages, including prioritization of patching efforts, reduced downtime, and resource optimization<br>However, compensating controls are not a magic bullet and should not be relied upon solely<br>Their effectiveness must be thoroughly evaluated and documented, and ongoing monitoring is essential<br>Implementing and maintaining compensating controls can be resource-intensive, requiring dedicated personnel and expertise<br>A layered security strategy that 
includes vulnerability assessment, exposure assessment, compensating controls, and traditional patching is crucial for a robust defense<br>Organizations must adopt a risk-based approach that prioritizes patching critical vulnerabilities while leveraging compensating controls for those that are unpatchable due to legitimate constraints<br>The deployment of these measures should be informed by a thorough exposure assessment, which evaluates the potential impact and exploitability of identified vulnerabilities in the context of the organization&#8217;s unique security infrastructure.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/securityboulevard.com\/2024\/03\/can-compensating-controls-be-the-answer-in-a-sea-of-vulnerabilities\">https:\/\/securityboulevard.com\/2024\/03\/can-compensating-controls-be-the-answer-in-a-sea-of-vulnerabilities<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"http:\/\/blank.ico\/\">&nbsp;<a><strong>An Introduction to the 2024 Annual Cyber-Threat Report<\/strong><\/a><br><em>ReliaQuest Blog<\/em><br>ReliaQuest has published the 2024 Annual Threat Report (ATR), providing a comprehensive overview of the evolving cyber threat landscape<br>The report covers key cyber threats and events observed in 2023, offering quantitative and qualitative analysis to empower defenders with insights and tools to anticipate and defend against these threats<br>Key findings:<br>71.1% of observed attacker tactics, techniques, and procedures (TTPs) involved spearphishing links or attachments, with a 51% increase in QR code phishing (quishing)<br>Drive-by compromise incidents involved downloading disguised malicious files, primarily via SocGholish and SolarMarker malware<br>Business Email Compromise (BEC) attacks increased by 246%, largely due to the adoption of phishing-as-a-service (PhaaS) offerings<br>Threat actors increasingly used Living off the Land (LotL) techniques for defense 
evasion, allowing them to maintain access for extended periods<br>Extortion activity increased by 74.3% in 2023, with LockBit alone naming over 1,000 companies on its data-leak site<br>Over 6 billion leaked credentials were discovered, bringing the total to 36 billion<br>Cybercriminal forums show growing interest in weaponizing AI technology for attacks<br>Threat actors are automating various stages of their attacks or the entire attack chain<br>Customers using AI and automation saw a reduction in their Mean Time to Respond (MTTR) to 58 minutes, down 98.8% from 2022<br>The report emphasizes the need for defenders to stay informed about evolving threats and adopt strategic defense actions to mitigate cyber risks effectively<br>ReliaQuest aims to empower security teams with knowledge and tools to anticipate and defend against these threats, reflecting their mission to make security possible for organizations by increasing visibility, reducing complexity, and managing risk.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.reliaquest.com\/blog\/2024-annual-cyber-threat-report\/\">https:\/\/www.reliaquest.com\/blog\/2024-annual-cyber-threat-report\/<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.n-able.com\/wp-content\/themes\/nable.2021\/img\/favicon\/favicon.ico\">&nbsp;<a><strong>N\u2011able Builds on the Ecoverse Vision by adding Rewst and HaloPSA Integrations<\/strong><\/a><br><em>contact@csimarket.com (Contact Csimarket)<\/em><br><em>N-Able Press Release<\/em><br>N-able, a global software company, has unveiled its Ecoverse vision to harmonize and transform modern IT management, enabling MSPs to be more efficient, resilient, and drive opportunities through an open, unified ecosystem<br>The company has announced integrations with Rewst and HaloPSA as a step towards realizing this vision<br>Highlights:<br>N-able&#8217;s Ecoverse is an open ecosystem designed to seamlessly 
connect disparate tools for cloud and on-premises resources, allowing them to work better together and support seamless workflow automation, integrated intelligence, and insights<br>The Ecoverse vision aims to deliver unified management, cybersecurity, and data protection capabilities across physical devices, user identities, cloud resources, and data<br>Rewst integrations allow MSPs to automate end-to-end workflows across multiple products, shorten time to value with pre-built automations, and connect applications without writing and maintaining scripts or using APIs<br>HaloPSA integrations provide AI-assisted ticket resolution, streamline the workflow between RMM and PSAs, and allow for better management and auditing of tickets within HaloPSA for alerts<br>N-able&#8217;s Ecoverse vision is built to make MSPs more efficient, resilient in the evolving threat landscape, and unlock opportunities for business optimization and growth<br>The integrations with Rewst and HaloPSA are just the beginning of N-able&#8217;s Ecoverse journey to build a leading MSP open ecosystem.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.n-able.com\/press\/press-releases\/n-able-builds-on-the-ecoverse-vision-by-adding-rewst-and-halopsa-integrations\">https:\/\/www.n-able.com\/press\/press-releases\/n-able-builds-on-the-ecoverse-vision-by-adding-rewst-and-halopsa-integrations<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.tbsnews.net\/sites\/all\/themes\/sloth_amp\/favicon.ico\">&nbsp;<a><strong>2024 Sophos Threat Report: Ransomware still the biggest threat<\/strong><\/a><br><em>The Business Standard<\/em><br>Sophos&#8217;s 2024 Threat Report, titled &#8220;Cybercrime on Main Street,&#8221; highlights the biggest threats facing small- and medium-sized businesses (SMBs)<br>The report reveals that nearly 50% of malware detections for SMBs in 2023 were keyloggers, spyware, and stealers, which 
attackers use to steal data and credentials for unauthorized access, extortion, and ransomware deployment<br>Highlights:<br>Ransomware remains the biggest cyber threat to SMBs, with LockBit being the top ransomware gang, followed by Akira and BlackCat<br>Ransomware operators are changing tactics, including leveraging remote encryption (increased by 62% between 2022 and 2023) and targeting managed service providers (MSPs)<br>Business email compromise (BEC) attacks were the second highest type of attacks handled by Sophos Incident Response (IR) in 2023, with attackers using more sophisticated social engineering techniques<br>Attackers are experimenting with new formats for malicious content, such as embedding images with malicious code or sending malicious attachments in OneNote or archive formats<br>In one case investigated by Sophos, attackers sent a PDF document with a blurry, unreadable thumbnail of an &#8220;invoice,&#8221; with the download button containing a link to a malicious website<br>The report emphasizes the need for SMBs to remain vigilant and proactive in their cybersecurity measures to protect against these evolving threats.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.tbsnews.net\/tech\/2024-sophos-threat-report-ransomware-still-biggest-threat-816961?amp\">https:\/\/www.tbsnews.net\/tech\/2024-sophos-threat-report-ransomware-still-biggest-threat-816961?amp<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/technologyreseller.uk\/wp-content\/uploads\/2020\/05\/cropped-Screenshot-2020-05-08-at-17.32.39-32x32.png\">&nbsp;<a><strong>Acumen launches to protect modern businesses from complex cyber threats 24\/7<\/strong><\/a><br><em>Technology Reseller<\/em><br>Acumen, a cyber security services provider, has launched in the UK market with the goal of becoming one of the top five Managed Security Service Providers (MSSPs) in the country within the next five 
years<br>The company offers a fully managed 24\/7 Security Operations Centre (SOC) and partners with leading technology providers such as CrowdStrike, Elastic, Fortinet, and Barracuda<br>Highlights:<br>Acumen&#8217;s approach views security as an engineering challenge, focusing on technology, processes, automation, and intelligent workflows to help defenders<br>The company was established as an independent MSSP by the leadership team of Silver Cloud, with nearly two years of well-funded innovation, research, and development<br>Acumen offers managed Extended Detection and Response (XDR), Security Information and Event Management (SIEM), training, and consultancy services<br>The company aims to extend enterprise-level services to the broader market, which has been underserved by managed service providers relying solely on software solutions<br>Acumen&#8217;s team of expert engineers provides guidance, support, and value to clients, emphasizing that cyber security is an ongoing journey rather than a destination<br>The company&#8217;s choice of market-leading technology partners demonstrates its commitment to innovation and staying ahead of the evolving threat landscape<br>Acumen&#8217;s entry into the UK market brings a unique approach to cyber security, combining expert engineers, cutting-edge technology, and a focus on delivering tailored solutions to help organizations navigate the complexities of the digital realm.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/technologyreseller.uk\/acumen-launches-to-protect-modern-businesses-from-complex-cyber-threats-24-7\">https:\/\/technologyreseller.uk\/acumen-launches-to-protect-modern-businesses-from-complex-cyber-threats-24-7<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"http:\/\/blank.ico\/\">&nbsp;<a><strong>NTT DATA: newly united and ready for the digital future<\/strong><\/a><br><em>NTT DATA<\/em><br><em>The Edge<\/em><br>NTT DATA, a 
Japan-based global IT services provider, has recently unified its overseas businesses, including NTT Ltd, under the NTT DATA banner<br>With more than 190,000 employees in over 50 countries, including 14 across the Asia Pacific region, NTT DATA delivers comprehensive business and technology solutions, as well as consulting services across applications, operations, and infrastructure<br>Key points:<br>NTT DATA focuses on cloud computing, networks, cybersecurity, technology solutions, data centers, and more to help clients realize a digital future<br>The company invests US$3.6 billion in research and development annually and collaborates with leading technology companies to find innovative solutions<br>NTT DATA is pioneering digital twins to enhance modeling and prediction in various industries<br>The company leverages the convergence of IT and connectivity services to connect people and things, manage applications, data, and infrastructure, and help clients work more efficiently<br>NTT DATA is committed to sustainability, aiming to achieve net-zero emissions across its operations by 2030 and across its value chain by 2040<br>The company supports its clients&#8217; journeys to net-zero through green technology and digital sustainability services<br>NTT DATA ranks near the top of its industry in S&amp;P Global ESG Scores across environmental, social, governance, and economic categories<br>NTT DATA&#8217;s unique stack of services across consulting, applications, operations, and infrastructure can help organizations revolutionize their business from edge to cloud and make digital transformation a reality.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.theedgesingapore.com\/news\/special-feature\/ntt-data-newly-united-and-ready-digital-future\">https:\/\/www.theedgesingapore.com\/news\/special-feature\/ntt-data-newly-united-and-ready-digital-future<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" 
width=\"16\" src=\"http:\/\/blank.ico\/\">&nbsp;<a><strong>TheMoon malware infects 6,000 ASUS routers in 72 hours for proxy service<\/strong><\/a><br><em>Bill Toulas<\/em><br><em>Bleeping Computer<\/em><br>A new variant of the &#8220;TheMoon&#8221; malware botnet has been discovered infecting thousands of outdated small office and home office (SOHO) routers and IoT devices in 88 countries<br>The malware is linked to the &#8220;Faceless&#8221; proxy service, which uses some of the infected devices as proxies for cybercriminals to anonymize their malicious activities<br>Key points:<br>Black Lotus Labs researchers observed 6,000 ASUS routers being targeted in under 72 hours during the latest TheMoon campaign, which started in early March 2024<br>Malware operations such as IcedID and SolarMarker currently use the Faceless proxy botnet to obfuscate their online activity<br>TheMoon targets vulnerabilities in end-of-life ASUS routers, likely by exploiting known vulnerabilities in the firmware, brute-forcing admin passwords, or testing default and weak credentials<br>Once the malware gains access to a device, it sets up iptables rules, contacts NTP servers to detect sandbox environments, and connects with the command and control (C2) server for instructions<br>Faceless is a cybercrime proxy service that routes network traffic through compromised devices for customers who pay exclusively in cryptocurrencies<br>One-third of the infections last over 50 days, while 15% are lost in under 48 hours, indicating varying levels of monitoring and detection<br>To defend against these botnets, users should use strong admin passwords, upgrade device firmware, and replace end-of-life devices with actively supported models<br>Common signs of malware infection on routers and IoTs include connectivity problems, overheating, and suspicious setting changes.<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service\">https:\/\/www.bleepingcomputer.com\/news\/security\/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/layersevensecurity.com\/wp-content\/uploads\/favicon.png\">&nbsp;<a><strong>FBI and CISA Issue Alert for Threat Actors Actively Exploiting SQL Injection Vulnerabilities<\/strong><\/a><br><em>Layer Seven<\/em><br>The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert urging organizations to address SQL injection vulnerabilities in their software<br>The alert is based on recent exploits by the Russian cybercrime group CL0P, also known as TA505, which has extorted an estimated $100M from organizations using ransomware<br>Key points:<br>TA505 exploits SQL injection vulnerabilities to install web shells in compromised servers, enabling them to execute operating system commands, install ransomware, and exfiltrate data<br>The group is believed to have breached 130 organizations in just 10 days<br>SQL injection vulnerabilities occur when user inputs are included in SQL commands to execute database queries, allowing threat actors to access and modify sensitive data, change programs and system configurations, and install and execute malicious programs<br>The risk of SQL injection can be mitigated using input validation, output encoding, escaping, and quoting<br>SAP software undergoes security testing to detect and remove potential SQL injection vulnerabilities, but securing custom programs deployed to SAP systems is the responsibility of each SAP customer<br>The Cybersecurity Extension for SAP is an SAP-certified addon that automatically detects SQL injection vulnerabilities in custom SAP ABAP programs and SAP UI5 
applications, integrating with the ABAP Test Cockpit (ATC), SAP Code Inspector (SCI), and Transport Management System (TMS)<br>The alert highlights the importance of addressing SQL injection vulnerabilities to prevent cybercrime groups from exploiting them to propagate ransomware and compromise sensitive data<br>Organizations using SAP systems should ensure that their custom programs are secure and consider using tools like the Cybersecurity Extension for SAP to detect and prevent SQL injection vulnerabilities.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/layersevensecurity.com\/fbi-and-cisa-issue-alert-for-threat-actors-actively-exploiting-sql-injection-vulnerabilities\">https:\/\/layersevensecurity.com\/fbi-and-cisa-issue-alert-for-threat-actors-actively-exploiting-sql-injection-vulnerabilities<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.globenewswire.com\/Content\/logo\/favicon.ico\">&nbsp;<a><strong>WatchGuard Threat Lab Analysis Shows Surge in Evasive<\/strong><\/a><br><em>WatchGuard Technologies, Inc<\/em><br><em>Globe Newswire<\/em><br>WatchGuard Technologies, a global leader in unified cybersecurity, has released its latest Internet Security Report detailing the top malware trends and network and endpoint security threats analyzed by WatchGuard Threat Lab researchers<br>The report, featuring data from Q4 2023, highlights several key findings:<br>Evasive, basic, and encrypted malware increased in Q4, leading to an 80% rise in average malware detections per Firebox compared to the previous quarter<br>TLS and zero-day malware instances also increased, with 55% of malware arriving over encrypted connections and 60% of all malware detections being zero-day<br>Two of the top 5 most-widespread malware variants, JS.Agent.USF and Trojan.GenericKD.67408266, redirect users to malicious links and attempt to load DarkGate malware on the victim&#8217;s computer<br>There 
was a resurgence in script-based threats and browser-based exploits, with PowerShell being the top attack vector used by hackers on endpoints<br>Four of the top 5 most-widespread network attacks targeted Exchange servers, associated with ProxyLogon, ProxyShell, and ProxyNotShell exploits<br>Cyberattack commoditization continues, with Glupteba and GuLoader being among the top 10 most prevalent endpoint malware in Q4<br>Ransomware detections declined by 20% compared to the previous quarter, possibly due to law enforcement&#8217;s ongoing takedown efforts of ransomware extortion groups<br>The report emphasizes the need for organizations to adopt a defense-in-depth approach, update systems and software, and consider modern security platforms operated by managed service providers to combat the latest threats effectively.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.globenewswire.com\/news-release\/2024\/03\/27\/2852882\/0\/en\/WatchGuard-Threat-Lab-Analysis-Shows-Surge-in-Evasive-Malware-Supercharging-an-Already-Powerful-Threat-Wave.html\">https:\/\/www.globenewswire.com\/news-release\/2024\/03\/27\/2852882\/0\/en\/WatchGuard-Threat-Lab-Analysis-Shows-Surge-in-Evasive-Malware-Supercharging-an-Already-Powerful-Threat-Wave.html<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.customonline.com\/wp-content\/uploads\/cropped-CCS_Button_Web-32x32.png\">&nbsp;<a><strong>Don\u2019t Make These Incident Response Planning Mistakes<\/strong><\/a><br><em>MaryAnn Benzola<\/em><br><em>Customer Online<\/em><br>This blog post highlights the importance of having a solid incident response plan to protect businesses from cyberattacks<br>It discusses common mistakes, myths, and misconceptions that can hinder the development of a strong response plan and offers simple solutions to navigate cyber challenges effectively<br>Common mistakes to avoid:<br>Thinking cyber incidents only come from 
external attacks: Ignoring internal threats can create opportunities for cyberattacks<br>Internal mistakes, such as ineffective processes or human errors due to inadequate training, can also lead to data breaches<br>Focusing only on technology: An effective incident response plan goes beyond technology and includes communication plans, legal considerations, and damage control strategies<br>Not updating your response plan: Without regular review, updates, and practice, a response plan will become ineffective<br>Simulations and post-incident analysis are crucial for identifying the root cause of a problem and avoiding future recurrence<br>Solutions:<br>Invest in your employees and set up a process: Train employees on cybersecurity best practices and establish protocols for handling sensitive information<br>Periodically review internal processes to find and resolve issues that could lead to data leakage<br>Build a complete response plan: Train your response team on both tools and processes, develop clear communication protocols, define roles and responsibilities, and ensure your team understands legal obligations related to data breach regulations<br>Consistently review your response plan: Establish a process for regular reviews, adapt your response plan to keep up with the evolving threat landscape, and conduct periodic simulations to refine your response strategy and ensure team readiness<br>The blog post also suggests partnering with an experienced IT service provider if businesses lack the resources and tools to build an effective incident response plan<br>By choosing the right strategic partner, businesses can fortify themselves against ever-evolving cybersecurity threats and achieve peace of mind.<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/www.customonline.com\/tech-insights\/dont-make-these-incident-response-planning-mistakes\">https:\/\/www.customonline.com\/tech-insights\/dont-make-these-incident-response-planning-mistakes<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38],"tags":[],"class_list":["post-5137","post","type-post","status-publish","format-standard","hentry","category-security-operations"]}