July | The Watch: Beat the Cyberthreat Heat
Welcome to the July Edition of The Watch, featuring cyber intel from Deepwatch Labs, information security news, industry insights, and upcoming Deepwatch events. Hit the subscribe button to stay in the know!
IN THIS ISSUE:
The Evolution of Ransomware Detection and Response
Join Deepwatch Chief Technology Officer Wesley M. as he answers pertinent questions relating to the state of ransomware in 2023 and what organizations can do to both ward off potential ransomware breaches and efficiently recover if a breach is detected.
Insights Blog: AI, Machine Learning, and the SOC
Written by: Zane West, VP, Product and Services Strategy
Take a deep dive into the pros and cons of AI and ML SOC integration, covering pertinent topics such as investigation optimization, machine-driven threat hunting, and the roles generative AI can play in a SOC environment.
Deepwatch Cyber Threat Intelligence
Deepwatch provides curated cybersecurity threat intelligence to keep your organization and SOC ahead of the latest security threats and zero-day vulnerabilities. Below are a few top cyber threats & insights from the past month.
Active Exploitation of MOVEit Transfer Leads to Data Theft
What Happened
An unknown threat actor has successfully exploited an unauthenticated SQL injection (SQLi) vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer product. The actor demonstrated technical skills and knowledge of SQLi techniques, indicating expertise in exploiting vulnerabilities within managed file transfer (MFT) platforms. Data theft and potential extortion are significant concerns, as the threat actor automatically exfiltrated multiple gigabytes of data from organizations in the Finance and Insurance sector using a subsequently deployed webshell.
LockBit Ransomware: Exploiting Vulnerabilities at Will
What Happened
LockBit ransomware affiliates exhibit adaptability and sophistication, posing a high threat to all industries. They exploit known vulnerabilities and use diverse attack tactics, causing operational downtime, data loss, and significant financial costs. Industries heavily dependent on their data and IT infrastructures are particularly vulnerable, such as Healthcare, Finance, Government, and Manufacturing.
TrueBot: A Continuing Threat to the Financial Sector and Now the Educational Sector
What Happened
TrueBot, attributed to the Silence Group, is a downloader trojan botnet that poses a persistent, high risk to financial and educational institutions. Known for their advanced capabilities, the Silence Group leverages TrueBot to compromise systems through malicious emails and by exploiting Netwrix vulnerabilities. Once infiltrated, these compromised systems become launching points for future attacks.
Rising Threat: Vendor and Contractor Accounts – The New Frontier for Cyber Adversaries
What Happened
Adversaries, including Advanced Persistent Threat (APT) groups, cybercriminal organizations, and individual actors, are skillfully leveraging the trust placed in third-party vendors and contractors to breach network security. By exploiting vendor and contractor accounts (VCAs), these malicious actors bypass traditional security measures and gain unauthorized access to critical systems, with motivations ranging from data theft and espionage to disruption.
Subscribe to stay up-to-date on the latest cyber threat intelligence, advisories, and recommendations.
Deepwatch June Partner Events
AWS re:Inforce
The folks at Deepwatch spent the week connecting with partners and a lucky winner received an electric guitar!
Gartner Security & Risk Management Summit
At this year’s Gartner Security & Risk Management Summit, the Deepwatch team got a first-hand look at the industry’s top cybersecurity factors of 2023. Deepwatch CISO, David Stoicescu, also hosted a session on the importance of staying ahead of the AI curve.
Deepwatch Overview
At Deepwatch, we offer comprehensive security technology, human-led threat hunting expertise, and custom-tailored operational processes to provide the fastest, most effective managed detection and response service.
Check out our company overview to learn more.
Deepwatch News!
2023 Fortress Cyber Security Award Winner!
We are proud to be named a 2023 Fortress Cyber Security Awards winner in the Threat Detection category for the second consecutive year!
This Business Intelligence Group industry award recognizes our effort in meeting the growing demand for stronger cybersecurity and serves as a testament to Deepwatch furthering its leadership position in the market.
Deepwatch and Lacework Partner to Deliver Unrivaled Cloud Security Solutions!
We're excited to announce a global strategic partnership with Lacework, the data-driven cloud security platform, to offer organizations comprehensive and proactive security solutions.
This strategic partnership combines Deepwatch's MDR expertise with Lacework's advanced cloud security analytics, providing enterprises with an unmatched level of protection against modern cyber threats.
Click Here to read the full press release to learn more about which challenges this partnership will address head-on.
Deepwatch Announces AWS Built-In Solution!
We're excited to announce we have worked with Amazon Web Services (AWS) to complete an AWS built-in MDR solution that automatically installs, configures, and integrates with native AWS Cloud Foundational Services across multiple domains such as identity, security, and operations!
This built-in solution is specifically designed for AWS Organizations with Control Tower and allows them to achieve heightened security posture, robust threat detection, and rapid incident response.
Read the full press release to learn more.
Trending Infosec News
Employee Spotlight | Celebrating Caribbean Heritage!
Throughout the month of June, we honored Caribbean American Heritage Month and the invaluable contributions of individuals of Caribbean descent! At Deepwatch, we recognize the power of diversity in fostering collaboration and strengthening our cybersecurity community. We spoke with some of our team who shared their unique perspective as a Caribbean American individual!
"I come from an Indo-Caribbean family hailing from Guyana. The power of education was instilled in me from a young age by my parents. My grandparents never had the opportunity to complete their education when they were very young, since they had to help their parents in the sugarcane fields and rice paddies. Thus, staying motivated to complete my education became a major driving force in my passion to be successful in cybersecurity. I treat it as my duty to give back to my parents, grandparents, and my ancestors, who went through so many sacrifices." - Emily Lackraj, Endpoint Security Administrator I
"I am Haitian and my family has always worked as much as they can no matter what. Even when I feel sick I want to work because all I know is the harder I work the better it is for me. This is why I have one of the best tickets in the analyst community." - Wendy Duveillaume, Security Analyst III
"I am Puerto Rican. My parents came to the US in the early 70’s with next to nothing. FAMILY is the core of who I am because of my grandparents and elders. My grandparents had 15 children and had to work really hard to provide their children with the American dream. My heritage has given me a strong sense of cultural identity, instilling values, traditions, and perspectives that shape my worldview and interactions that I have with others. My parents have always been hard working which was innately instilled in me as a child. Providing my brother and I with a strong education was always the biggest priority for my parents. I am proud to be the first in my family to graduate from a four year university which allowed me to set the bar for others to follow. We are prideful and resilient people, which has enabled me to navigate obstacles in life and adapt to different circumstances, both in my personal life and professional career." - Omaira (Mye) B., Sr. Director of People Strategy
ICYMI…
In today's threat landscape, organizations should make it a priority to exercise their Incident Response Plan.
In our latest webinar, Deepwatch's Jerrod Barton and Kyle S. emphasize the significance of this proactive measure for security teams.
UPCOMING EVENTS...
We’re Heading to Splunk .conf23!
Deepwatch will be attending Splunk’s .conf23 event happening from July 17-20 in Las Vegas, NV. Come join us to learn more about how you can effectively deal with modern cyber threats and better prepare for whatever new cybersecurity challenges are on the horizon.
About Deepwatch
Deepwatch is the leader in managed detection and response, protecting organizations from growing cyber threats 24/7/365. Powered by the Deepwatch SecOps Platform, we provide the industry’s fastest, most comprehensive detection and automated response to cyber threats along with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business. Visit www.deepwatch.com to learn more.