AttackIQ

?? Big News: AttackIQ Acquires DeepSurface to Strengthen Adversarial Exposure Validation (AEV) ?? We’re excited to announce the acquisition of DeepSurface Security, a leader in security posture management and vulnerability prioritization. This move enhances our AEV platform, giving organizations a proactive, intelligence-driven approach to identifying and mitigating exposures before they can be exploited. By integrating DeepSurface’s advanced vulnerability context and attack path mapping, we’re empowering security teams to move from reactive security to a continuously validated, threat-informed defense. ?? Learn more: https://lnkd.in/eCAnfuM3 #CyberSecurity #AttackIQ #AdversarialExposureValidation #ThreatInformedDefense

Our latest assessment template emulates the stealthy tactics of Salt Typhoon, a Chinese APT targeting critical sectors. ?? Key techniques emulated: ?? Process Injection (T1055) – Injects shellcode into legitimate processes for stealthy execution. ?? DLL Side-Loading (T1574.002) – Uses trusted executables to execute malicious payloads. ?? Scheduled Task Abuse (T1053.005) – Maintains persistence by executing malicious tasks. ?? OS Credential Dumping (T1003.001) – Extracts credentials from LSASS memory. ?? Lateral Movement via WMI (T1047) – Executes remote commands to spread within the network. With detection and mitigation insights mapped to MITRE ATT&CK, this emulation provides a structured way to assess security controls, identify gaps, and optimize defenses against a highly-resourced and evasive threat. ?? Test your defenses today: https://bit.ly/3RjLF1n #AdversaryEmulation #SaltTyphoon #APT #ThreatIntelligence #ExposureValidation

The Cloud is Your Biggest Asset—And Your Biggest Risk With identity, authentication, and critical operations moving to the cloud, a single misconfiguration can open the door to a major breach. So how can security teams focus on the right risks? In a new article, Paul Reid, VP of Adversary Research at AttackIQ, shares what organizations must do now to protect their cloud environments in 2025. https://lnkd.in/e4Y457yd #CloudSecurity #ThreatIntelligence #SecurityValidation #CyberRisk

In our recent webinar, Enhancing CTEM with MITRE ATT&CK, Carl Wright and Christopher Kennedy tackled one of the biggest challenges in security today: bridging the gap between cybersecurity teams and the boardroom. Missed the webinar? Catch the recording here: https://lnkd.in/ezt9XbMz #MITRE #ExposureManagement #ExposureValidation

Customers rely on our solution to drive innovation, improve efficiency, and enhance decision-making, because when it comes to cybersecurity, proactive beats reactive. ?? #ContinuousThreatExposureManagement #BreachAndAttackSimulation #CTEM #BAS #AEV . *Security?Lead in the Insurance (except health) Industry gives AttackIQ Platform 5/5 Rating in Gartner Peer Insights? Breach and Attack Simulation (BAS) Tools Market. Read the full review here: https://gtnr.io/UTfqfsYtJ #gartnerpeerinsights

Are you keeping up with the latest ransomware threats? With a surge of new adversary activity already in 2025, it’s tough to stay on top of it all. That’s why, on April 10th, we’re bringing together two adversary research engineers (Andrew Costis ("AC") and Ian Rogers) to help you prioritize the most critical threats and understand the techniques utilized by those threats. Secure your spot now: https://bit.ly/41L5btO #Ransomware #Medusa #Akira #Ransomhub #AdversaryResearch #Cybersecurity

We’re excited to share that Carl Wright, Chief Commercial Officer at AttackIQ, will be moderating 10Fold Communications' Annual Security Never Sleeps Event during RSAC 2025! With so many cybersecurity products and services on the market, it can be difficult to stand out. This informative luncheon brings together industry leaders to discuss what resonates with security decision-makers and how the best vendor relationships are built. ?? When: Wednesday, April 30, 2025 If you're attending RSAC 2025, don’t miss this opportunity to gain exclusive insights from top cybersecurity leaders. Secure your spot now:?https://bit.ly/4hcjNH0 Paul Craft Sachin Vaidya #RSAC?#Cybersecurity?#SecurityNeverSleeps?#ThreatInformedDefense

?? One week until OptivCon Denver! ?? Join AttackIQ on April 1st for a day of cybersecurity insights, networking, and hands-on learning. Earn CPE credits, connect with industry professionals, and stay ahead of the latest threats. ?? Hyatt Regency Denver ? 8:00 AM - 6:00 PM MST See you there! ?? https://bit.ly/3QZxQVJ Optiv #OptivCon #Cybersecurity #ExposureManagement #InfoSec

In our latest webinar, we break down the structure of NIST CSF and how it helps security teams strengthen their defenses. Watch the full webinar: https://lnkd.in/eFiqy8uc And let us know what cybersecurity frameworks you follow! ?? #Cybersecurity #NISTCSF #RiskManagement #CyberResilience

RansomHub is a Ransomware-as-a-Service (RaaS) operation using double extortion to encrypt and steal data. Its password-protected execution makes analysis difficult, and its ties to Knight and BlackCat/ALPHV suggest an evolving threat. ?? Why it matters: ?? Targets Windows, Linux, and ESXi, expanding its reach ?? Uses stolen data as leverage, increasing pressure on victims ?? Shares tactics with other major ransomware groups, signaling ongoing evolution Security teams must test their defenses against real-world ransomware tactics—because threats like RansomHub aren’t going away. ?? Dive deeper into the TTPs behind RansomHub—read the full blog: https://lnkd.in/eeUpT4YS #Ransomware #Cybersecurity #ThreatEmulation #SecurityOptimization #RansomHub