December | The Watch: ‘Tis the Season to be Wary
Welcome to the December Edition of The Watch, featuring cyber intel from Deepwatch Labs, information security news, industry insights, and upcoming Deepwatch events. Hit the subscribe button to stay in the know!
IN THIS ISSUE:
Threat Management Drives Cyber Resilience
Cybersecurity environments continue to get more complex, interconnected, and dangerous. Threat actors are taking on more targets of opportunity than ever before.
As companies evaluate and exercise their cyber resilience plans, they should ask themselves: “Are we threat ready?” Being threat ready is about reviewing the basics and prioritizing updates to improve your cybersecurity awareness and response.
Learn strategies to be threat ready in 2024 and hear first-hand stories directly from the field on its importance and effect on your cybersecurity risk.
Insights Blog: Supporting Cyber Resilience through Vulnerability Management Maturity
Written by: Robert Hundley, VM Manager
The maturity of your vulnerability management program is a vital component of your organization’s overall cybersecurity strategy. Asset visibility, gap assessment, vulnerability assessment, regular prioritization, and remediation are all crucial elements in achieving cyber resilience. Read this blog by Deepwatch subject matter expert Rob Hundley and consider the maturity of your own vulnerability management program.
Deepwatch Threat Intelligence
Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.
Compromised VPN Credentials Lead to Rhysida Ransomware Deployment on ESXi and Windows Systems
Our report reveals how an adversary leveraged compromised VPN credentials to orchestrate a Rhysida ransomware attack. Their relentless determination to circumvent security barriers, employing legitimate tools and custom software, led to significant operational disruptions and financial extortion. Gain insights into their meticulous tactics and techniques, and learn why robust security measures like multi-factor authentication and advanced endpoint detection are crucial in mitigating these sophisticated threats.
Citrix Bleed (CVE-2023-4966) Exploited by LockBit Affiliate
Are your Citrix NetScaler ADC and Gateway appliances secure? Dive into our latest report to understand the critical exploitation of the Citrix Bleed vulnerability (CVE-2023-4966) by LockBit affiliates. This comprehensive analysis reveals their sophisticated methods to bypass multi-factor authentication and deploy deceptive tactics. Learn about the extensive risks and impacts on your organization and discover essential mitigation strategies. Click to access the full insights.
Atlassian Confluence Data Center and Server Vulnerability (CVE-2023-22518) Exploited to Deliver Cerber Ransomware
Are you aware of the latest ransomware threat targeting Atlassian Confluence users? This week's report delves into the exploitation of CVE-2023-22518, which led to the deployment of Cerber ransomware. Discover how attackers gain unauthorized administrative access and the methods they use, including PowerShell commands, to deploy the ransomware. Learn about the ransomware's ability to collect sensitive data, encrypt files, and impede recovery processes. Essential for Confluence users, this report outlines the threat and provides strategic recommendations to enhance your cybersecurity defenses.
StripedFly Malware Continues to Infect Systems, Estimated 250,000 Systems Infected so Far
StripedFly is a complex and multifaceted malware that operates under the guise of a cryptocurrency miner while concealing its true capabilities. The malware is built around a modular framework that includes a cryptomining module, an SMBv1 infection module similar to EternalBlue that facilitates infection and expands functionality, and a lightweight TOR network client.
Subscribe to Deepwatch Labs to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.
Tips for Securing Your Holiday Shopping
The holiday season is often viewed as the most wonderful time of the year, but let's not make that the case for busy threat actors.
Below are four of the most damaging attacks security teams should look for and recommendations to reduce risks to retailers, manufacturers, payment processors, and pure e-commerce plays:
Credit Card Skimming
Routine web application scanning of both internal and external code will help identify malicious scripts and harden against XSS. Note that traditional VM scanning does not typically find these types of compromises. Check current source code against known good versions.
Point of Sale Malware
Ensure that VPN and RDP ports for POS devices are appropriately secured. Regularly scan systems for vulnerabilities and patch systems as soon as possible. Prioritization should be placed on internet-exposed systems with a focus on known vulnerabilities like those featured in CISA’s Known Exploited Vulnerabilities Catalog. Implement advanced endpoint solutions to help detect enterprise POS breaches early.
Bots that Shop
Look for a spike in login failures that could signal credential stuffing or indicate cracking bots trying to take over existing customer accounts. Be aware of any unusual spikes in account creation over a short period. Monitor web traffic coming from outside your typical delivery areas or regions. Look for dramatic increases in shopping cart abandonment that may signal denial of inventory bots. To be most effective, implement human verification processes to prevent bot buying.
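As an added illustration of the monitoring described above (example code, not from the newsletter or Deepwatch), the following Python flags three of the listed signals over constructed log lines: per-IP login-failure bursts, account-creation bursts, and traffic from outside the delivery region. The log format, thresholds, and delivery regions are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample web-shop events (hypothetical): "<ISO time> <source IP> <country> <event>"
SAMPLE_LOG = """\
2023-12-01T10:00:01 203.0.113.5 US login_fail
2023-12-01T10:00:02 203.0.113.5 US login_fail
2023-12-01T10:00:02 203.0.113.5 US login_fail
2023-12-01T10:00:03 203.0.113.5 US login_fail
2023-12-01T10:00:04 203.0.113.5 US login_fail
2023-12-01T10:01:10 192.0.2.44 US login_fail
2023-12-01T10:03:00 198.51.100.7 BR login_ok
2023-12-01T10:03:05 198.51.100.8 US signup
2023-12-01T10:03:06 198.51.100.9 US signup
2023-12-01T10:03:07 198.51.100.10 US signup
"""

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        ts, ip, country, event = line.split()
        events.append((datetime.fromisoformat(ts), ip, country, event))
    return sorted(events)  # chronological order

def burst(times, window, threshold):
    """True if at least `threshold` timestamps fall inside any `window`-long span."""
    times = sorted(times)
    j = 0  # left edge of the sliding window
    for i, t in enumerate(times):
        while times[j] < t - window:
            j += 1
        if i - j + 1 >= threshold:
            return True
    return False

def detect_bot_activity(log_text, window=timedelta(minutes=5), fail_threshold=5,
                        signup_threshold=3, delivery_regions=("US", "CA")):
    """Flag per-IP login-failure bursts, account-creation bursts and out-of-region traffic."""
    fails, signups, foreign = defaultdict(list), [], set()
    for ts, ip, country, event in parse(log_text):
        if event == "login_fail":
            fails[ip].append(ts)
        elif event == "signup":
            signups.append(ts)
        if country not in delivery_regions:
            foreign.add(f"{ip} ({country})")
    return {
        "credential_stuffing": sorted(ip for ip, t in fails.items() if burst(t, window, fail_threshold)),
        "signup_burst": burst(signups, window, signup_threshold),
        "out_of_region": sorted(foreign),
    }
```

The single failure from 192.0.2.44 stays below the threshold and is not flagged, which is the point of using a per-IP burst rather than a raw failure count.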
Ransomware
Initial infection vectors are vulnerability exploitation, poorly configured apps, phishing, exposed RDP, or compromised credentials. Review admin privileges and ensure zero trust and 2FA. You should also review your ransomware disaster recovery plan and physically test backups.
Trending Infosec Updates
ICYMI...
We're thrilled to announce that CRN has chosen Christine LoPresti - National CAM, ePlus inc. - for its 2023 Channel Women on the Rise list!
This annual list, formerly known as CRN Rising Female Stars, honors up-and-coming, dedicated, driven women who are leaving their mark and making a difference for solution providers throughout the IT channel. A big congratulations to Christine for this recognition!
Find Your Career With Deepwatch!
Our unique, fully remote work environment is developed with employee needs in mind, giving you the flexibility and benefits to make your career what you want. Explore current opportunities and learn how it feels to be part of the team.
Join a dedicated team of professionals who are passionate about driving positive change in the cybersecurity industry.
Upcoming Events!
About Deepwatch
Deepwatch is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com.
Follow Deepwatch on LinkedIn and X (formerly Twitter).