February | No Love for Cyber Risk

Welcome to the February Edition of The Watch, featuring cyber intel from Deepwatch Labs, information security news, industry insights, and upcoming Deepwatch events. Hit the subscribe button to stay in the know!

?? IN THIS ISSUE:

1. Updates from Deepwatch
2. Deepwatch Insights: Facts & Action to Take on Ivanti Zero-day CVEs
3. Curated Cyber Threat Intelligence
4. Infosec Updates
5. ICYMI?
6. Deepwatch Careers

??? Welcome to the Deepwatch Overwatch Podcast

Join Deepwatch experts in discussing how they handle complex operations and the best practices they have developed over years of effective security operations in our new cybersecurity podcast.

We kicked off episode 1 by taking a look back at the 2023 cybersecurity landscape, discussing:

• Major events and challenges of the last year
• A look at cybersecurity regulation and reporting
• Cybersecurity budgets and business risk
• Shifts in social engineering tactics

?? Watch and subscribe for future episodes !

A New Service from Deepwatch

Threat Signal , our new standalone forensic-focused operations service, finds advanced cyber threats that have bypassed existing controls by providing deeper insight into your threat landscape. This specialized solution goes deeper than conventional security measures, providing a heightened level of confidence in uncovering and addressing any underlying threats within your organization.

Check out more information in the datasheet here .

?? Insights Blog: Security Leader’s TLDR: Facts & Action to Take on Ivanti Zero-day CVEs

Written by: Bill Bernard, VP of Security Strategy

Ivanti's remote access solutions were impacted by a zero-day issue that allows unauthenticated, remote code execution. Viable mitigation has been slow to arrive.

Patches were scheduled to start rolling out for some versions the week of January 22 and continue to roll out for other versions through mid-February.? These vulnerabilities are currently being attacked by malicious actors.

While these vulnerabilities are being actively exploited in the wild, we don’t know how widely this will be exploited, and with patches being delayed, we can only assume exploitation will continue. Visit this Ivanti update page for the latest patches.

?? Here is a TL;DR blog regarding the details of this incident.

?? Deepwatch Threat Intelligence

Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.

?? New qBit Infostealer, Cybercriminals Utilize Microsoft’s App Installer to Deploy Malware, and a Google Exploit Restores Expired Cookies to Allow Persistent Access

• qBit Stealer, a Customizable File Stealing Malware, Publicly Released
• Various Financially Motivated Cybercriminals Utilize Microsoft’s App Installer to Deploy Malware
• Infostealers Incorporate Google Exploit to Restore Expired Google Cookies, Allowing Persistent Access

Read more on these topics here .?

?? NVIDIA Executable for DLL Sideloading, Phishing with AsyncRAT, and Compromised YouTube Channels Spread Lumma Stealer

• Multi-stage Intrusion Chain Uses NVIDIA Executable for DLL Sideloading to Establish C2 Communications
• Active Phishing Campaign Deploys AsyncRAT Since February, Uses Complex Evasion Tactics and DGA
• Compromised YouTube Channels Disseminate Lumma Stealer Through Multi-stage Infection Chain

Read more on these topics here .?

?? Github Abuses, Ivanti Connect Secure VPN Compromises, New Cloud Hacking Tool FBot, and Phemedrone Infostealer Targets Microsoft Windows Defender SmartScreen

• The Various Ways Threat Actors Abuse GitHub for Malicious Purposes
• Espionage Threat Actors Exploited Ivanti Connect Secure to Deploy Web Shells, Backdoors, and Credential Harvester
• FBot, the Hacking Tool Designed to Hijack Cloud, SaaS, and Web Services
• New Infostealer Campaign Exploits Windows Defender SmartScreen Vulnerability (CVE-2023-36025)

Read more on these topics here .

?? Androxgh0st Spooks Targets, Iranian APT Spear Phishing, North Korean ScarCruft Campaign Planning, and Critical Vulnerabilities in Confluence

• Androxgh0st Targets AWS, Office 365, SendGrid, and Twilio for Spamming, Web Shell Deployment, Exploits SMTP for Malicious Activities
• Iranian Operators Target High-Profile Individuals at Universities and Research Centers in Spear Phishing Campaign
• ScarCruft Likely Planning Future Campaign to Target Korean-Speaking Consumers of Threat Intelligence
• Massive Exploitation Attempts Observed Targeting Critical Vulnerability In Confluence Data Center and Confluence Server

Read more on these topics here .

→ Subscribe to Deepwatch Labs to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.

?? The Results Are In: No Love in Ransomware Resilience

In a recent LinkedIn poll, we emphasized how your ability to detect #ransomware in time can keep your organization out of the news and prevent damage to your brand. We asked our audience if they are currently confident in their organization's ability to successfully and quickly recover from a ransomware attack.?

Out of those who responded, 73% said "No", and 27% stated, "We're getting there".?

Not one individual responded with "Yes".?

The results of this poll are reflective of organizations within today's threat landscape lacking a strong cyber resilient strategy that they can be confident in.

As a reminder, we define cyber resilience as an organization's ability to anticipate, withstand, recover, and adapt in the face of evolving security challenges. Cyber threats are growing in complexity and security teams should understand attacks are now inevitable.

A few tips for enhanced cyber resilience:

?? Review the basics and prioritize updates or changes to improve your cybersecurity awareness and response.?

?? Conduct assessments of your tool utilization, tool updates, gap awareness, log ingestion trends, and other key security metrics.?

?? Consider threats unique to your industry, such as finance or healthcare, and review recent or upcoming changes to regulatory requirements.

Follow Deepwatch for more insights on how to become threat ready, building confidence in your team's ability to recover from anticipated attacks.

?? Trending Infosec Updates

?? ICYMI...

Our CEO, Charlie Thomas , recently sat down with The Cred Podcast to discuss valuable insights into the world of cybersecurity, decision-making in leadership, and the future trajectory of Deepwatch as a resilient and growth-focused organization.

??? Take a listen .

??? Find Your Career With Deepwatch!

We’re Hiring!

Our unique, fully remote work environment is developed with employee needs in mind, giving you the flexibility and benefits to make your career what you want. Explore current opportunities and learn how it feels to be part of a team of professionals who are passionate about driving positive change in the cybersecurity industry.?

View all open positions on our website here .

About Deepwatch

Deepwatch? is the leading managed security platform for the cyber resilient enterprise. The Deepwatch Managed Security Platform and security experts provide enterprises with 24/7/365 cyber resilience, rapid detections, high fidelity alerts, reduced false positives, and automated actions. We operate as an extension of cybersecurity teams by delivering exceptional security expertise, visibility across your attack surface, precision response to threats, and a compelling return on your security investments. The Deepwatch Managed Security Platform is trusted by many of the world’s leading brands to improve their security posture, cyber resilience, and peace of mind. Learn more at www.deepwatch.com .

Follow Deepwatch on LinkedIn and X (formerly Twitter) .