Beyond the Breach | June 2024 Newsletter

For the CISO

The top-of-mind-topic for today’s cybersecurity leaders.

Proactive security is becoming an increasingly higher priority—both for security teams and for business leadership. Some enterprises are turning to continuous threat exposure management—or CTEM—to restructure their cybersecurity programs.?

This formal, five-stage program first outlined by Gartner is designed to help organizations better manage cyber risk by finding and mitigating threats in an ongoing, proactive, and prioritized way. CTEM reorganizes existing proactive cybersecurity exercises into a more cohesive program. It doesn’t prescribe specific tooling, but gives options and suggestions for the types of security controls that organizations can leverage at each stage—most of which an organization may already have in place.??

The bottom line: breaches are expensive and reputation-damaging. Implementing a holistic approach like CTEM can help organizations systematically reduce risk, while increasing the ROI of tools they already have in place. To help with CTEM implementation and validation, leading organizations are increasingly turning to the complementary capabilities of breach and attack simulation (BAS) tools to maximize both efficiency and reliability. If you’d like to learn more, check out some of the resources below:

• [webinar] The Road to CTEM - How BAS Fuels a CTEM Program
• [blog] The Road to CTEM, Part 1: Breaking Down the 5 Phases
• [blog] The Road to CTEM, Part 2: The Role of Continuous Validation
• [Gartner report] Implement a Continuous Threat Exposure Management (CTEM) Program

Industry News

Threats, research, and events that are making headlines.

• A SafeBreach Labs researcher discovered a set of vulnerabilities and unprivileged rootkit-like techniques leveraging a known issue within the Microsoft Windows DOS-to-NT path conversion process: https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/

• Akira ransomware has begun targeting VMware ESXi virtual machines through a new Linux variant. It is believed that the group has successfully impacted over 250 organizations and has extorted nearly $42 million USD from the victims. https://www.safebreach.com/blog/akira-ransomware-cert-alert-aa24-109a/

• The EPA outlines enforcement measures to help prevent cybersecurity attacks and protect the nation’s drinking water. https://www.epa.gov/newsreleases/epa-outlines-enforcement-measures-help-prevent-cybersecurity-attacks-and-protect
• After Snowflake, Hugging Face reports security breach: https://www.csoonline.com/article/2137564/after-snowflake-hugging-face-reports-security-breach.html

• Nissan suffered a data breach last November in a ransomware attack that exposed the social security numbers of thousands of former and current employees. https://www.cbsnews.com/news/nissan-data-breach-cyberattack/

• Dell confirms its database was hacked—hacker says 49 million customers hit. https://www.forbes.com/sites/daveywinder/2024/05/10/dell-confirms-database-hacked-hacker-says-49-million-customers-hit/

• SafeBreach was recently named the Market Leader in the Breach & Attack Simulation category in the 2024 Annual Global InfoSec Awards . SafeBreach was commended for its innovative approach and its dedication to keeping its threat detection up-to-date. https://www.safebreach.com/pressroom/safebreach-named-winner-of-global-infosec-award-during-rsa-conference-2024/

Resource Station: Detection Engineering

Tools and topics to make your life a little easier.?

As threat actors evolve, so must we. In today’s threat environment, it’s all about building our own security dogs to sniff out threats before they bite. For this, enterprise cybersecurity teams turn to detection engineering. We’ve put together some resources that dive into this emerging cybersecurity discipline and the ways that BAS can help teams establish a detection engineering program or optimize one that's already well established.

• [Blog] Evolving Detection Engineering Capabilities with Breach & Attack Simulation (BAS)
• [Solution Brief] Detection Engineering with SafeBreach
• [Webinar] Evolving Detection Engineering Capabilities with BAS
• [Case Study] Discovering Unknown Problems in the Alert Pipeline

SafeBreach Original Research Highlight

The latest from the most advanced threat research team in the BAS industry.

SafeBreach Labs has been busy this conference season presenting their original research at BlackHat Asia and CONFidence Con. See the full research blogs below.

• MagicDot: A Hacker’s Magic Show of Disappearing Dots and Spaces presented at Black Hat Asia by Security Research Team Lead Or Yair?
• The Dark Side of EDR: Repurpose EDR as an Offensive Tool presented at Black Hat Asia and CONFidence Con by Security Researcher Shmuel Cohen?
• DoubleDrive: Double Agents Hide Behind The Clouds from Security Research Team Lead Or Yair?
• The Pool Party You Will Never Forget: New Process Injection Techniques Using Windows Thread Pools presented at CONFidence Con by? Security Researcher Alon Leviev
• EDR Reloaded: Erase Data Remotely presented at Black Hat Asia and CONFidence Con by VP of Security Research Tomer Bar and Security Researcher Shmuel Cohen

This research is used to make original attack content available within the SafeBreach platform to help customers validate their environment against these vulnerabilities and techniques—and it isn't available anywhere else.

Afterword

Tidbits from the SafeBreach team.

Another amazing event in the books for Validate, SafeBreach’s premier customer conference.

Validate Central 2024 took place at the end of May, and once again, presenters and attendees alike brought lively, thought-provoking discussions to the table. We covered everything from addressing threats in the era of artificial intelligence, to leveraging BAS to evolve and enhance detection engineering capabilities, to the CISO’s evolving role in managing cyber risk.

Stay tuned for blogs and videos from select discussions from Validate Central 2024. In the meantime, you can delve into past topics, including Architecting Cyber Resilience , Navigating Cybersecurity Regulation and Legislation , and Making the Most of Your Security Investments . And keep an eye out for upcoming Validate sessions—registration will soon open for a virtual Validate in September and an in-person Validate in New York in November.

Thoughts from SafeBreach co-founder and CEO Guy Bejerano

“Chasing after a ghost is not the right way [to approach cybersecurity]. Leveraging everything that is already known is way more efficient in increasing your chances against threats.”?- Guy Bejerano?

Guy was recently a guest on the Security Breach podcast for Manufacturing.net . Hear more from Guy about what it means to think like a hacker, but defend like a CISO:? Security Breach Podcast: Stop Chasing Cyber Ghosts